[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Centraleyezer: Unrestricted File Upload — [CVE-2019–12311]
Centraleyezer: Unrestricted File Upload — [CVE-2019–12311]
Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.
The attacker could upload a html page that runs a script, when the victim tries to download the template, it loads the html page with the script.
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/