CVE-2019-17551
CVE-2019-17551 affects Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5. An attacker can send an authenticated POST to /WFS/agreementView.faces to trigger a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text field in the Notes section. The issue is tied to the WYSIW...