1 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. Cowell enterprise travel management system no presenta un filtrado suficiente para los caracteres especiales dentro de la URL de la web. Un atacante remoto no autenticado puede inyectar JavaScript y llevar a cabo un ataque de tipo XSS (Cross-Site Scripting Reflejado) • https://www.twcert.org.tw/tw/cp-132-6524-74530-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •