2022-12-25 00:00:00
mitre
PUBLISHED
An issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victims encrypted password can be stolen and most likely be decrypted.