Vendor: RockMongo
By: Rafael Pedrero
CVSS: 6.5 (MEDIUM)
Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: RockMongo
Affected Version From: 1.1.2007
Affected Version To: 1.1.2007
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 7 and 10
2020
RockMongo 1.1.7 – Stored Cross-Site Scripting (XSS)
RockMongo v1.1.7 does not sufficiently encode user-controlled inputs, resulting in stored and reflected Cross-Site Scripting (XSS) vulnerabilities via index.php, in multiple parameters.
Mitigation:
To mitigate this vulnerability, ensure that all user-controlled inputs are properly encoded or sanitized before being used in the application.