SG-3127 CLONE - Base - App Server security reflected XSS vulnerability - HxGN EAM - - Release Bulletin - Hexagon

HxGN EAM Resolved Issues for 2023

Search by Category
Release Bulletin
HxGN EAM Version


AppSec detected critical vulnerability with EAM Prod.

(XSS in a script tag's inner text (JS): insertion_point, param name dp76566603128441a1b23609b921aa8c66dp). XSS can be used to inject malicious JavaScript in the affected domain. The injected JavaScript can be leveraged to steal cookies and force users into carrying out unintended actions within the affected origin. This vulnerability can also be used to steal globally scoped cookies and attack other sites with CORS misconfigurations.

The following best practices are recommended:

* HTML encode data before displaying it back to the UI

* Perform input validation of user-supplied data

* Set up a Content-Security-Policy in your domain

Please find attached list of all the findings detected so far.