Description

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.

Related CPE's

a

wems

enterprise_manager

4

References

https://cxsecurity.com/issue/WLB-2020010032

ExploitThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php

ExploitThird Party Advisory

https://cxsecurity.com/issue/WLB-2020010032

ExploitThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-28T13:15:07.883Z

4 years ago

Last modified

2024-11-21T04:12:59.067Z

1 year ago