| عنوان | WebSystems WebTOTUM (2026) Cross Site Scripting |
|---|
| الوصف | WebTOTUM is a cloud-based business management software developed by WebSystems and it's an all-in-one platform for managing a company’s operations online.
A stored cross-site scripting (XSS) vulnerability has been discovered in the software that allows attackers to inject web scripts or arbitrary HTML code by manipulating the calendar feature on the homepage dashboard. The payload is stored on the server and executed in the context of other users’ browsers when they access the affected page. This vulnerability arises from insufficient validation or escaping of user-supplied input and may allow attackers to compromise user sessions or perform unauthorized actions. |
|---|
| المصدر | ⚠️ https://olografix.org/acme/WebTOTUM-POC.gif |
|---|
| المستخدم | acme (UID 61097) |
|---|
| ارسال | 01/04/2026 12:56 PM (25 أيام منذ) |
|---|
| الاعتدال | 21/04/2026 01:56 PM (20 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358434 [WebSystems WebTOTUM 2026 Calendar البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|