Insufficient XSS Protection in Feedback.asp of Xiao5uCompany 1.7

Insufficient XSS Protection in Feedback.asp of Xiao5uCompany 1.7

CVE-2018-14527 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).

Learn more about our Web Application Penetration Testing UK.