Submit #353237: Ingenico The estate manager 2023 Cross Site Scriptinginfo

TitleIngenico The estate manager 2023 Cross Site Scripting
DescriptionWhile evaluating Ingenico Estate Manager during a customer engagement. A stored cross-site scripting (XSS) vulnerability has been discovered in the news feed feature, which is managed by an administrator account. The vulnerability is in the href attribute of a link when a new message is posted. An attacker can use this vulnerability to inject malicious Javascript code in the context of a victim's browser, which can be triggered by clicking on the link.
Source⚠️ https://gentle-khaan-c53.notion.site/Stored-XSS-in-Ingenico-The-Estate-Manager-90089eaef5574b929fe019c3d0686b63
User
 Farouk (UID 69824)
Submission06/09/2024 23:30 (10 months ago)
Moderation06/17/2024 15:19 (8 days later)
StatusAccepted
VulDB Entry268787 [Ingenico Estate Manager 2023 News Feed /emgui/rest/ums/messages Message cross site scripting]
Points17

Do you need the next level of professionalism?

Upgrade your account now!