CVE-2018-17288

Published April 18th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

3.5

LOW

Affected

PROJECT

Description

Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console).

DrunkenShells/Disclosures

Public Disclosures

GitHub