Incomplete XSS Filter in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (Versions up to 2.6.2) Allows Code Injection

Incomplete XSS Filter in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (Versions up to 2.6.2) Allows Code Injection

CVE-2020-35563 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.

Learn more about our Web Application Penetration Testing UK.