Centraleyezer: Unrestricted File Upload — CVE-2019–12311

Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.

The attacker could upload a html page that runs a script, when the victim tries to download the template, it loads the html page with the script.

This vulnerability was reported as fixed.

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12311

https://seclists.org/fulldisclosure/2019/Nov/9

Technical Lead @ convisoappsec.com

Technical Lead @ convisoappsec.com