agorum Software Agorum Core Open Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in agorum Software GmbH's Agorum Core Open versions 11.9.2 and 11.10.1. This vulnerability allows attackers to inject malicious scripts that are executed in the context of the user's browser session. The issue arises from improper input sanitization and output encoding, which can compromise user sessions, steal credentials, or deface content.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the victim's browser.
Reproduction
To reproduce this vulnerability, send a GET request to the application with a crafted userName parameter that includes a script injection payload. The injected script will be reflected in the response and executed in the user's browser.
Remediation
Users can upgrade to agorum core open versions 11.9.2 or 11.10.1 to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.