An issue exists in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager prior to 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be decrypted.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simmeth lieferantenmanager |