CVE-2023-5989

Name of the Vulnerable Software and Affected Versions LioXERP versions prior to v.146

Description The issue is related to an improper neutralization of input during web page generation, which allows for Cross-site Scripting (XSS). Specifically, it enables an authenticated user to execute Stored XSS. This means that an attacker can inject malicious scripts into the website, which are then stored and executed by the application, potentially leading to unauthorized actions or data theft.

Recommendations For versions prior to v.146, update to version v.146 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation. Additionally, ensure that all user input is properly validated and sanitized to prevent malicious scripts from being injected into the website.