Persistent Cross Site Scripting in Web Applications...
Moderate severity
Unreviewed
Published
Dec 1, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Nov 30, 2021
Published to the GitHub Advisory Database
Dec 1, 2021
Last updated
Feb 1, 2023
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover.
References