Evisions MAPS Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting (XSS) vulnerability has been identified in Evisions MAPS version 6.10.2.267. An attacker can inject a crafted payload into a request to the '/mw/' endpoint; the payload is reflected in the response and executes as JavaScript in the context of the user's browser, potentially leading to account takeover or phishing attacks.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the user's browser, which could be used to take over the user's account or conduct phishing attacks.

Reproduction

To reproduce this vulnerability, send a request to the '/mw/' endpoint with a payload that includes a script tag. For example, a request could be made to '/mw/aaa<script>alert(document.cookie)</script>'. This will trigger the cross-site scripting vulnerability by executing the injected JavaScript, which in this case would display the user's cookies in an alert box.
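
To check web server access logs for requests of the shape described above, the following is an added detection example, not part of the original advisory and not Evisions code. It assumes common/combined access-log format and that angle brackets never appear legitimately in a path under '/mw/'; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a common/combined access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: angle brackets are never legitimate in a path under /mw/.
MARKUP_RE = re.compile(r"[<>]")
# Proxies and loggers may percent-encode a path more than once; normalize a few rounds.
MAX_DECODE_ROUNDS = 3


def decode_fully(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_mw_requests(log_lines):
    """Return (line_number, decoded_path) for /mw/ requests whose path carries markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # Drop the query string first, then normalize the path itself.
        path = decode_fully(match.group("target").split("?", 1)[0])
        if path.lower().startswith("/mw/") and MARKUP_RE.search(path[len("/mw/"):]):
            hits.append((number, path))
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2025:19:40:01 +0000] "GET /mw/ HTTP/1.1" 200 5120',
    '192.0.2.11 - - [09/Jun/2025:19:41:12 +0000] "GET /mw/aaa%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 812',
    '192.0.2.12 - - [09/Jun/2025:19:42:30 +0000] "GET /mw/report%253Cb%253E HTTP/1.1" 404 300',
    '192.0.2.13 - - [09/Jun/2025:19:43:02 +0000] "GET /other/%3Cscript%3E HTTP/1.1" 404 300',
]

if __name__ == "__main__":
    for number, path in suspicious_mw_requests(SAMPLE_LOG):
        print(f"line {number}: {path}")
```

A hit shows that a request with markup in the path was received, not that the script ran in a browser; correlate hits with the referrer and the user session before treating one as a successful attack.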

Remediation

Users are advised to upgrade Evisions MAPS to the latest version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.4
exploitability: 7.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.