Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-12-15T06:07:40
Updated: 2024-08-04T03:15:29.119Z
Reserved: 2021-09-22T00:00:00
Link: CVE-2021-41557
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-12-15T07:15:07.273
Modified: 2024-11-21T06:26:25.113
Link: CVE-2021-41557
Redhat
No data.