Veracode Vulnerability Database: VERACODE:40712
History: May 29, 2023 - 2:46 a.m.

Cross-site Scripting (XSS)

2023-05-29 02:46:10
sca.analysiscenter.veracode.com
Tags: sscms, cross-site scripting, vulnerability, actionssearchcontroller, ajaxdivid, submit function, api endpoint, javascript, injection, sanitization

EPSS: 0.001 (Percentile: 45.4%)

SSCMS is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the ajaxDivId argument is improperly sanitized in the Submit function of ActionsSearchController.Submit.cs, which allows an attacker to inject and execute malicious JavaScript through the /api/stl/actions/search API endpoint.

Affected configurations

Vulners
Node: sscms
Range: 7.2.1

Vendor: *
Product: sscms
Version: *
CPE: cpe:2.3:a:*:sscms:*:*:*:*:*:*:*:*
