Client-side Code Injection, Cross-site Request Forgery, Cross-site Scripting, and Code Execution Vulnerabilities for Zucchetti InfoBusiness


In Zucchetti InfoBusiness up to and including version 4.4.1, an authenticated user can inject client-side code because the Title field in the InfoBusiness Web Component is not properly validated. The stored payload is triggered every time a user browses the reports page. Other vulnerabilities include cross-site request forgery (CSRF), cross-site scripting (XSS), and the ability to upload .php files in order to achieve code execution.
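As an added illustration (not code from Zucchetti or from the advisory), the two rendering paths below contrast a reports list that inserts the Title verbatim with one that HTML-encodes it, alongside an upload allowlist check of the kind that refuses the .php upload the advisory mentions. The report data, the payload and the allowlist are constructed assumptions.

```python
import html
import os

# Constructed sample data: one ordinary report and one whose Title carries a
# script payload, standing in for an attacker-controlled Title field.
REPORTS = [
    {"id": 1, "title": "Quarterly sales"},
    {"id": 2, "title": '<img src=x onerror="alert(1)">'},  # constructed payload
]


def render_reports_vulnerable(reports):
    """Reports page as the advisory describes it: Title inserted verbatim,
    so any markup stored in the field becomes part of the page."""
    rows = [f"<li data-id=\"{r['id']}\">{r['title']}</li>" for r in reports]
    return "<ul>" + "".join(rows) + "</ul>"


def render_reports_hardened(reports):
    """Same page with HTML output encoding applied to every stored value,
    so a Title containing markup is shown as text rather than executed."""
    rows = [
        f"<li data-id=\"{html.escape(str(r['id']))}\">"
        f"{html.escape(r['title'])}</li>"
        for r in reports
    ]
    return "<ul>" + "".join(rows) + "</ul>"


# Assumed allowlist of document types a report upload may legitimately carry.
ALLOWED_UPLOAD_EXTENSIONS = {".pdf", ".xlsx", ".csv"}


def upload_allowed(filename):
    """Allowlist check on the final extension only, so 'shell.php' and
    'report.pdf.php' are both refused while 'report.pdf' is accepted."""
    _, ext = os.path.splitext(os.path.basename(filename))
    return ext.lower() in ALLOWED_UPLOAD_EXTENSIONS
```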

Affected Products