2 matches found
BooleBox Stored Cross-Site Scripting (CVE-2020-13248)
A stored cross-site scripting vulnerability exists in BooleBox. This vulnerability is due to insufficient validation of user avatar json parameter. Successful exploitation could result in execution of arbitrary scripts on the affected system...
CVE-2020-13248
BooleBox Secure File Sharing Utility pre-4.2.3.0 suffers a stored XSS vulnerability (CVE-2020-13248) in the My Account avatar data sent to Account.aspx. A crafted avatar field can execute scripts in the affected session. Root cause: insufficient validation of the avatar JSON parameter. The CVE en...