vendor:
Sysax MultiServer
by:
Luca Epifanio (wrongsid3)
6.1
CVSS
MEDIUM
Reflected Cross Site Scripting
79
CWE
Product Name: Sysax MultiServer
Affected Version From: 6.90
Affected Version To: 6.90
Patch Exists: YES
Related CWE: CVE-2020-13228
CPE: a:sysax:sysax_multiserver:6.90
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Windows 10 x64
2020
Sysax MultiServer 6.90 – Reflected Cross Site Scripting
There is reflected XSS via the /scgi sid parameter.
Mitigation:
Input validation and output encoding should be used to prevent XSS attacks.
