vendor:
FileRun
by:
Emre ÖVÜNÇ
6.1
CVSS
MEDIUM
Reflected Cross-Site Scripting
79
CWE
Product Name: FileRun
Affected Version From: v2019.05.21
Affected Version To: v2019.05.21
Patch Exists: YES
Related CWE: CVE-2019-12905
CPE: filerun
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Windows/Linux
2019
FileRun 2019.05.21 – Reflected Cross-Site Scripting
To exploit vulnerability, someone could upload an allowed file named “><img src=x onerror=prompt(document.domain)> to impact users who open the page.
Mitigation:
The vendor has released a patch to address this vulnerability.
