CVE-2023-51063

Name of the Vulnerable Software and Affected Versions QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0

Description A DOM Based Reflected Cross Site Scripting (XSS) issue was found in the qnme-ajax component, specifically in the method=tree level endpoint. This allows for potential malicious script injection and execution.

Recommendations For QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0, consider disabling the qnme-ajax component or restricting access to the method=tree level endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.