2025-12-02 13:08:55
INCIBE
PUBLISHED
Reflected Cross-Site Scripting (XSS) in IDI Eikons Governalia. The vulnerability allows an attacker to execute JavaScript code in the victims browser when a malicious URL with the q parameter in /search is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.