XSS 2
Presentation
XSS injections are possible in eonweb; the injectable parameters are the “Job Name” and “Job Description” fields. A user with permission to access the export or autodiscovery features can, for example, execute JavaScript code in the eonweb interface. This flaw therefore requires authentication and is more conducive to a phishing attack. It therefore does not present a significant danger.
Exploit
We are not aware of any exploit to date.
Impacted Version(s)
EON 4.2+, EON 5.0+
Fixed Version(s)
Fix
Download the latest fixed version of EON.