VYPR

InfoBusiness Web Component

by Zucchetti

CVEs (1)

  • CVE-2019-18207MedOct 30, 2019
    risk 0.35cvss 5.4epss 0.01

    In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page.