The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:NSick Field Analytics
APPSickwszystkie wersje
Related vulnerabilities
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a ...
A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...
For failed login attempts, the application returns different error messages depending on whether the login fai...
The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server in...
The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to infor...