Sysax MultiServer 6.90 - Reflected Cross Site Scripting

vendor:

Sysax MultiServer

by:

Luca Epifanio (wrongsid3)

6.1

CVSS

MEDIUM

Reflected Cross Site Scripting

CWE

Product Name: Sysax MultiServer

Affected Version From: 6.90

Affected Version To: 6.90

Patch Exists: YES

Related CWE: CVE-2020-13228

CPE: a:sysax:sysax_multiserver:6.90

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 x64

2020

There is reflected XSS via the /scgi sid parameter.

Input validation and output encoding should be used to prevent XSS attacks.

Source