Posted by merion44 via Fulldisclosure on Aug 06

app: connect-app (cdu) (version: 3.8)

Cross-site scripting in the registration form name variables. Remote attackers can inject JS payloads as name variables
to exploit the frontend in the profile view and potentially execute in the backend via the preview. There is uncertainty in
validating object names in outbound emails, causing the context to be validated insecurely. This allows reflected
execution in the message body of the email where the name…

August 6th, 2021