Stored XSS Vulnerability in ERP POS News Page Allows Remote Attackers to Inject Malicious JavaScript and Manipulate Customer Information

CVE-2021-30171 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Special characters in user input on the ERP POS news page are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customer information.
