Incomplete XSS Filter in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (Versions up to 2.6.2) Allows Code Injection
CVE-2020-35563 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.
Learn more about our Web Application Penetration Testing UK.