Stored XSS Vulnerability in TotalJS OpenPlatform Allows Arbitrary Code Execution via Crafted Payload in Account Name Field

Stored XSS Vulnerability in TotalJS OpenPlatform Allows Arbitrary Code Execution via Crafted Payload in Account Name Field

CVE-2023-27069 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field.

Learn more about our Web App Pen Testing.