vendor:
allocPSA
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: allocPSA
Affected Version From: 1.7.2004
Affected Version To: 1.7.2004
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Cross-Site Scripting Vulnerability in allocPSA
The allocPSA application fails to properly sanitize user-supplied data, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially allowing them to steal authentication credentials and launch further attacks.
Mitigation:
To mitigate this vulnerability, it is recommended to implement proper input validation and output encoding to prevent the execution of malicious scripts.