CVE-2023-30454

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button.

Source: CVE-2023-30454

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다