CVE-2023-6275

Name of the Vulnerable Software and Affected Versions TOTVS Fluig Platform versions 1.6.x through 1.8.1

Description A problematic issue was found in the TOTVS Fluig Platform, affecting some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "> leads to cross site scripting. The attack may be launched remotely.

Recommendations For TOTVS Fluig Platform versions 1.6.x, 1.7.x, and 1.8.0, upgrade to version 1.7.1-231128, 1.8.0-231127 respectively. For TOTVS Fluig Platform version 1.8.1, upgrade to version 1.8.1-231127.