WEB SITE Yas Arghavani System XSS

2022.06.11
ir E1.Coders (IR) ir
Risk: Low
Local: No
Remote: Yes
CWE: N/A

Yas Arghavani System Engineering Company "https://www.sys-yaas.com/", a provider of information technology services and payment by Bank Mellat, is an affiliate member of Bank Mellat Information Technology Holding and provides all banking services of this bank, which is one of the most important banks in the Islamic Republic. Iran. Unfortunately, the company's website has two important security issues that hackers can easily steal sensitive information by stealing cookies. Problem explanation: This site uses jQuery 3.4.1, which is a completely outdated version of the well-known Cross-site scripting vulnerabilities such as CVE-2020-11022 with an average risk score of 5.5 according to the CVSSv3.1 Score And CVE-2020-11023 has an average risk score of 4.1 according to the CVSSv3.1 Score And allows the hacker to exploit the problem to access sensitive information and cookies And it is necessary to immediately update to the latest version 3.6.0 to solve the "vulnerable" security problem of jQuery Bootstrap 4.3.1 This site also needs to be updated "Update to the latest version 4.6.1 to fix the" vulnerable "security issue immediately"


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top