CVE-2019-18207

Published: Oct 30, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=42

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-18207

Description

Affected Products

References