Yas Arghavani System Engineering Company "https://www.sys-yaas.com/", a provider of information technology services and payment by Bank Mellat, is an affiliate member of Bank Mellat Information Technology Holding and provides all banking services of this bank, which is one of the most important banks in the Islamic Republic. Iran. Unfortunately, the company's website has two important security issues that hackers can easily steal sensitive information by stealing cookies. Problem explanation: This site uses jQuery 3.4.1, which is a completely outdated version of the well-known Cross-site scripting vulnerabilities such as CVE-2020-11022 with an average risk score of 5.5 according to the CVSSv3.1 Score And CVE-2020-11023 has an average risk score of 4.1 according to the CVSSv3.1 Score And allows the hacker to exploit the problem to access sensitive information and cookies And it is necessary to immediately update to the latest version 3.6.0 to solve the "vulnerable" security problem of jQuery Bootstrap 4.3.1 This site also needs to be updated "Update to the latest version 4.6.1 to fix the" vulnerable "security issue immediately"
Copyright ©2024 Exploitalert.