HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters.An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the ...
6.5CVSS
6.9AI Score
0.0005EPSS
HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.
6.1CVSS
6.1AI Score
0.0005EPSS