CVE-2020-28047
Published
CVSS v3
5.4
MEDIUM
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage.
As a result of researching bugs, I often come across new and interesting vulnerabilities. I finally decided to create a centralized repository for proof of concepts. Everything is sorted by vendor with subdirectories for each product.
GitHub