| 제목 | WebSystems WebTOTUM (2026) Cross Site Scripting |
|---|
| 설명 | WebTOTUM is a cloud-based business management software developed by WebSystems and it's an all-in-one platform for managing a company’s operations online.
A stored cross-site scripting (XSS) vulnerability has been discovered in the software that allows attackers to inject web scripts or arbitrary HTML code by manipulating the calendar feature on the homepage dashboard. The payload is stored on the server and executed in the context of other users’ browsers when they access the affected page. This vulnerability arises from insufficient validation or escaping of user-supplied input and may allow attackers to compromise user sessions or perform unauthorized actions. |
|---|
| 원천 | ⚠️ https://olografix.org/acme/WebTOTUM-POC.gif |
|---|
| 사용자 | acme (UID 61097) |
|---|
| 제출 | 2026. 04. 01. PM 12:56 (22 날 ago) |
|---|
| 모더레이션 | 2026. 04. 21. PM 01:56 (20 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 358434 [WebSystems WebTOTUM 2026 Calendar 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|