Cross-Site Scripting (XSS) Vulnerability in Cantemo Portal Versions 3.2.13, 3.3.x, and 3.4.x

Cross-Site Scripting (XSS) Vulnerability in Cantemo Portal Versions 3.2.13, 3.3.x, and 3.4.x

CVE-2019-7551 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.

Learn more about our User Device Pen Test.