ID4Portais in version < V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NDevlop.systems Id4portais
APPDevlop.Systems≤ 2022.837.002a
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS