Security Vulnerabilities fixed in Zucchetti InfoBusiness 4.42

Description

In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload is triggered every time a user browses the reports page. Other vulnerabilities include cross-site request forgery (CSRF), cross-site scripting (XSS), and the ability to upload .php files in order to achieve code execution.

Affected Applications

InfoBusiness