A Cross-Site Scripting (XSS) issue in the βupdate userβ and βdelete userβ functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.
CPE | Name | Operator | Version |
---|---|---|---|
eps_tse_server_8_firmware | eq | 21.0.11 |