| 제목 | Ingenico The estate manager 2023 Cross Site Scripting |
|---|
| 설명 | While evaluating Ingenico Estate Manager during a customer engagement. A stored cross-site scripting (XSS) vulnerability has been discovered in the news feed feature, which is managed by an administrator account. The vulnerability is in the href attribute of a link when a new message is posted. An attacker can use this vulnerability to inject malicious Javascript code in the context of a victim's browser, which can be triggered by clicking on the link. |
|---|
| 원천 | ⚠️ https://gentle-khaan-c53.notion.site/Stored-XSS-in-Ingenico-The-Estate-Manager-90089eaef5574b929fe019c3d0686b63 |
|---|
| 사용자 | Farouk (UID 69824) |
|---|
| 제출 | 2024. 06. 09. PM 11:30 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 06. 17. PM 03:19 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 268787 [Ingenico Estate Manager 2023 News Feed /emgui/rest/ums/messages 메시지 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|