vendor:
Achievo
by:
CYBSEC S.A. Security Systems
4.3
CVSS
MEDIUM
Cross Site Scripting
79
CWE
Product Name: Achievo
Affected Version From: Achievo 1.4.2
Affected Version To: Achievo 1.4.3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Any
2009
Affected Platforms: Any running Achievo
A permanent Cross Site Scripting vulnerability was found in Achievo 1.4.2, because the application fails to sanitize user-supplied input. The vulnerability can be triggered by any logged-in user who is able to add a Scheduler Category.
Mitigation:
New category is now correctly sanitized.