Multiple Reflected Cross-site Scripting (XSS) Vulnerabilities in Zucchetti InfoBusiness 4.4.1 and Earlier

Multiple Reflected Cross-site Scripting (XSS) Vulnerabilities in Zucchetti InfoBusiness 4.4.1 and Earlier

CVE-2019-18205 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.

Learn more about our User Device Pen Test.