SSCMS is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because of the improper sanitization in the ajaxDivId
argument in the Submit
function of ActionsSearchController.Submit.cs
, which allows an attacker to inject and execute malicious javascript through the /api/stl/actions/search
API endpoint.