Summary
In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's browser under specific interaction conditions. Successful exploitation could lead to exposure of user data or unauthorized actions within the browser context.
Products Potentially Affected
|
OS/Product
|
Exposure
|
|
ExtremeControl for Site Engine
|
Yes
|
Repair Recommendations
- Fixed in 25.5.12 or later
Please see the full security advisory article here for future updates and more details.
