CVE-2020-28047

Publication date

2020-11-05 14:57:26

Family

mitre

State

PUBLISHED

Description

AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via action, cargo, panel parameters that can lead to data leakage.