vendor:
RLM
by:
Mohammed A.Siledar
6.1
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: RLM
Affected Version From: rlm.v14.2BL4
Affected Version To: rlm.v14.2BL4
Patch Exists: NO
Related CWE: CVE-2022-30519
CPE: rlm.v14.2BL4-x64_w3.admin.exe
Platforms Tested: Windows 10
2021
Reprise Software RLM v14.2BL4 – Cross-Site Scripting (XSS)
Reprise Software RLM v14.2BL4 is vulnerable to Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the username and password fields of the login page. This code will be executed when the page is loaded by the victim, allowing the attacker to perform malicious actions such as stealing cookies, session tokens, etc.
Mitigation:
Input validation should be performed on all user-supplied data to prevent XSS attacks. Sanitizing user input by encoding special characters can also help prevent XSS attacks.