Computrols Building Automation Software 19.0.0 Cross Site Scripting Vulnerability

Summary

Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.

Credit:

The information has been provided by Computrols.
The original article can be found at: https://applied-risk.com/labs/advisories


Details

Computrols Building Automation Software is prone to a cross-site scripting vulnerability. This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors. A remote attacker can use cross-site scripting (XSS) to send a hostile script to an unsuspecting user.
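
For defenders reviewing web server logs, the following is an added example (not part of the original advisory and not Computrols code) that flags GET requests to the login and password reset pages whose username parameter decodes to HTML markup. The page paths, the access log format and the sample log lines are assumptions constructed for illustration; the advisory does not give the actual URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Hypothetical placeholders: the advisory names the login and password reset
# pages but not their URLs. Substitute the real paths of the deployment.
WATCHED_PATHS = {"/login-page-placeholder", "/password-reset-placeholder"}

# Characters needed to break out of an HTML element or attribute context.
# Assumption: legitimate usernames never contain them; tune if yours do.
MARKUP = re.compile(r"[<>\"'`]")

# Client address and request target from a common/combined format log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"GET (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client_ip, path, decoded_username) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path not in WATCHED_PATHS:
            continue
        # parse_qs decodes once; fully_decode handles any further layers.
        for raw in parse_qs(url.query).get("username", []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((m.group("ip"), url.path, value))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/May/2019:09:14:02 +0000] "GET /login-page-placeholder?username=operator1 HTTP/1.1" 200 1432',
    '203.0.113.9 - - [23/May/2019:09:15:40 +0000] "GET /login-page-placeholder?username=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 1460',
    '203.0.113.9 - - [23/May/2019:09:15:58 +0000] "GET /password-reset-placeholder?username=%2522%253E%253Cb%253E HTTP/1.1" 200 1388',
    '198.51.100.7 - - [23/May/2019:09:16:11 +0000] "GET /status?username=%3Cb%3E HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit only shows that markup was submitted in the parameter; whether it was reflected unencoded depends on the installed version.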

Vulnerable Systems:

  • Computrols Building Automation Software 19.0.0

CVE Information:

CVE-2019-10846

Disclosure Timeline:

Publish Date: 05/23/2019
