Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bssys rbs bs-client. retail client |
||
bssys rbs bs-client. retail client 2.5 |