ID 51473
Created Apr 18, 2022
Updated May 06, 2022
Severity dark-circle dark-circle dark-circle dark-circle dark-circle
Coverage switch-on-logo IPS (Regular DB)
switch-on-logo IPS (Extended DB)
Default Action drop
Active switch-on-logo
Affected OS Windows, Linux, BSD, Solaris, MacOS, All
Affected App Other

Legend

Active/Available switch-on-logo
InActive/Not Available switch-off-logo

Update History

Date Version Detail
2022-05-09 20.311 Default_action:pass:drop
2022-04-26 20.304

Threat Encyclopedia

ICT.Protege.GX.WX.Stored.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross Site Scripting Vulnerability in ICT Protege GX/WX.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests. A remote attacker may be able to exploit this to execute arbitrary script code in a user's browser.

affected-products-logoAffected Products

ICT Protege GX
Ver: 2.08.1002 K1B3
Lib: 04.00.217
Int: 2.3.235.J013
OS: 2.0.20
ICT Protege WX
Ver: 4.00 284 H062
App: 02.08.766
Lib: 04.00.169
Int: 02.2.208

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Other References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5699.php

Telemetry logoTelemetry