XSS Filter Bypass in sysPass 2.1.9

CVE-2017-9306 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
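Why a separator change defeats a pattern-based filter, and why output encoding does not depend on the separator, shown as an added example. This is not sysPass code: naive_filter() is a hypothetical denylist written for illustration, encode_for_html() is a hypothetical wrapper around PHP's htmlspecialchars(), and the sample inputs are constructed around the two substrings named in the description above.

```php
<?php
// Hypothetical denylist filter (NOT the sysPass implementation): removes
// "<tag on...=" only when whitespace separates the tag name from the
// event-handler attribute.
function naive_filter(string $input): string
{
    return preg_replace('/<\w+\s+on\w+\s*=/i', '', $input) ?? '';
}

// Output encoding: every HTML metacharacter becomes an entity, so the
// browser never parses a tag, whichever separator the input used.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs built around the two substrings from the advisory.
// example() is a placeholder name, not a real function.
$samples = [
    'space separator' => '<svg onload=example()>',
    'slash separator' => '<svg/onload=example()>',
];

foreach ($samples as $label => $input) {
    $filtered = naive_filter($input);
    $status = strpos($filtered, '<') === false
        ? 'markup removed'
        : 'markup survives the filter';

    printf(
        "%s\n  input:    %s\n  denylist: %s (%s)\n  encoded:  %s\n",
        $label,
        $input,
        $filtered,
        $status,
        encode_for_html($input)
    );
}
```

The denylist only recognises the whitespace form, so the slash form passes through unchanged, while the encoded output contains no literal "<" in either case.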
