Security Vulnerabilities fixed in Zucchetti InfoBusiness 4.42
Description
In Zucchetti InfoBusiness 4.4.1 and earlier, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload is triggered every time a user browses the reports page. Other vulnerabilities include cross-site request forgery (CSRF), cross-site scripting (XSS), and even the upload of .php files in order to achieve code execution.
Affected Applications
InfoBusiness