Saturday 30 May 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Monday 6 April 2020

VU#660597: Periscope BuySpeed is vulnerable to stored cross-site scripting

Periscope BuySpeed is a "tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization, leading to it executing in the browser of the user. This could potentially allow for website redirection, session hijacking, or information disclosure.


Author: US Cert

Categories: CertUS

