Vendor: openQRM
By: Unknown
CVSS: 7.5 (HIGH)
Cross-Site Scripting (XSS)
CWE: 79
Product Name: openQRM
Affected Version From: openQRM 4.8
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:openqrm_project:openqrm:4.8
Platforms Tested: Unknown
Unknown
Cross-Site Scripting Vulnerability in openQRM
The openQRM application fails to properly sanitize user-supplied data, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially stealing their authentication credentials and launching further attacks.
Mitigation:
Sanitize and validate user-supplied input before the web application uses it, to prevent XSS attacks. A Web Application Firewall (WAF) can also help mitigate this vulnerability.