Version 21.3 was officially de-supported by the end of 2020. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This is fixed in all recent versions, such as version 26. In this way, if HTML code or client-side executable code (e.g., Javascript) is entered as input, the expected execution flow could be altered. ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/ because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation.
0 Comments
Leave a Reply. |