CVE-2019-18205

Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
zucchettiinfobusiness
𝑥
≤ 4.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=42
https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=42