Stored Cross Site Scripting (XSS) in Sofico Miles RIA 2020.2 Build 127964T via Crafted Work Order

Stored Cross Site Scripting (XSS) in Sofico Miles RIA 2020.2 Build 127964T via Crafted Work Order

CVE-2021-41557 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number.

Learn more about our User Device Pen Test.