6 matches found
CVE-2020-16270
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of...
OLIMPOKS Cross-Site Scripting Vulnerability
OLIMPOKS is a mobile device application for vocational training from olimpoks Russia. The application offers provides the opportunity to conduct training in industrial safety certified areas approved by Rostekhnadzor, labor protection, labor protection, civil defense and emergency situations on...
CVE-2020-16270
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of...
CVE-2020-16270
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of...
CVE-2020-16270
CVE-2020-16270 affects OLIMPOKS v3.3.39 and involves an Auth/Admin ErrorMessage XSS that enables a remote attacker to inject JavaScript in vulnerable applications. The vulnerability stems from improper handling/validation of the ErrorMessage parameter, allowing script execution in the victim’s br...
Exploit for Cross-site Scripting in Olimpoks Olimpok
CVE-2020-16270 Suggested description: OLIMPOKS under 3...