Advertisement






WEB SITE Yas Arghavani System XSS

CVE Category Price Severity
CVE-2020-11022 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2022-06-11
CVSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022060033

Below is a copy:

WEB SITE Yas Arghavani System XSS
Yas Arghavani System Engineering Company "https://www.sys-yaas.com/", a provider of information technology services and payment by Bank Mellat, is an affiliate member of Bank Mellat Information Technology Holding and provides all banking services of this bank, which is one of the most important banks in the Islamic Republic. Iran.

Unfortunately, the company's website has two important security issues that hackers can easily steal sensitive information by stealing cookies.

 
Problem explanation:

This site uses jQuery 3.4.1, which is a completely outdated version of the well-known Cross-site scripting vulnerabilities such as
 
 CVE-2020-11022 with an average risk score of 5.5 according to the CVSSv3.1 Score
And
 CVE-2020-11023 has an average risk score of 4.1 according to the CVSSv3.1 Score
And allows the hacker to exploit the problem to access sensitive information and cookies
And it is necessary to immediately update to the latest version 3.6.0 to solve the "vulnerable" security problem of jQuery
 
Bootstrap 4.3.1 This site also needs to be updated
"Update to the latest version 4.6.1 to fix the" vulnerable "security issue immediately"

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.