| Название | WebSystems WebTOTUM (2026) Cross Site Scripting |
|---|
| Описание | WebTOTUM is a cloud-based business management software developed by WebSystems and it's an all-in-one platform for managing a company’s operations online.
A stored cross-site scripting (XSS) vulnerability has been discovered in the software that allows attackers to inject web scripts or arbitrary HTML code by manipulating the calendar feature on the homepage dashboard. The payload is stored on the server and executed in the context of other users’ browsers when they access the affected page. This vulnerability arises from insufficient validation or escaping of user-supplied input and may allow attackers to compromise user sessions or perform unauthorized actions. |
|---|
| Источник | ⚠️ https://olografix.org/acme/WebTOTUM-POC.gif |
|---|
| Пользователь | acme (UID 61097) |
|---|
| Представление | 01.04.2026 12:56 (2 месяцы назад) |
|---|
| Модерация | 21.04.2026 13:56 (20 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 358434 [WebSystems WebTOTUM 2026 Calendar межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|