Description
The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- CEMI Tomasz Pawełek / CemiPark4.5 – 4.5
- CEMI Tomasz Pawełek / CemiPark4.7 – 4.7
- CEMI Tomasz Pawełek / CemiPark5.03 – 5.03