Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-15T06:07:40

Updated: 2024-08-04T03:15:29.119Z

Reserved: 2021-09-22T00:00:00

Link: CVE-2021-41557

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-12-15T07:15:07.273

Modified: 2024-11-21T06:26:25.113

Link: CVE-2021-41557

cve-icon Redhat

No data.