Cordaware Bestinformed Web Application Authenticated Stored Cross-Site Scripting Vulnerability

Vulnerability

An authenticated stored cross-site scripting vulnerability has been identified in the Cordaware Bestinformed Web application, specifically in version 6.2.3.1. This vulnerability arises from improper sanitization of user input, allowing authenticated attackers to inject JavaScript code into the sessions of other users. As a result, attackers could compromise the sessions of users with higher privileges, facilitating unauthorized access or actions.

Impact

Exploitation of this vulnerability allows for authenticated stored cross-site scripting, with the potential to hijack the sessions of other users on the server.

Remediation

Users can update to Cordaware Bestinformed Web Interface version 6.2.2.5, which addresses this vulnerability. After this version, the session logic has been improved with enhanced security mechanisms.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 1.7
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.