Description

The Webswing application name is not sanitized and may contain HTML, which allows script injection.


Who is impacted?

The application name is editable only by a user with full access to the Admin console or the webswing.config file. The vulnerability can therefore be exploited only if an attacker gains the ability to modify the application name.


Fixed Versions

The vulnerability is fixed in the following versions:

  • 23.1.4 and newer

All older versions are vulnerable.
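
The following is an added example, not Webswing's own code: it audits a JSON configuration for application names that contain HTML-significant characters and reports the output-encoded form that is safe to render. The `name` key, the `apps` layout and the sample configuration are assumptions constructed for illustration and do not reproduce the real webswing.config schema.

```javascript
// Characters that HTML treats as markup, with their entity encodings.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for insertion into HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Recursively walk parsed JSON and collect every string stored under a
// "name" key (assumed key) whose encoded form differs from the raw value,
// meaning it contains characters a browser could interpret as markup.
function findMarkupNames(node, path = '$', findings = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findMarkupNames(item, `${path}[${i}]`, findings));
  } else if (node !== null && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      const here = `${path}.${key}`;
      if (key === 'name' && typeof value === 'string') {
        const encoded = escapeHtml(value);
        if (encoded !== value) findings.push({ path: here, raw: value, encoded });
      } else {
        findMarkupNames(value, here, findings);
      }
    }
  }
  return findings;
}

// Parse the config text and return the list of names needing review.
function auditConfig(jsonText) {
  return findMarkupNames(JSON.parse(jsonText));
}

// Constructed sample input, not a real webswing.config.
const SAMPLE_CONFIG = JSON.stringify({
  apps: [
    { path: '/calc', name: 'Calculator' },
    { path: '/hr', name: '<b>Payroll</b>' },
  ],
});

for (const f of auditConfig(SAMPLE_CONFIG)) {
  console.log(`${f.path}: review name, encoded form is ${f.encoded}`);
}
```

The audit also flags names with a plain ampersand or apostrophe, so treat its output as a review list rather than a verdict.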


Date Published: 17/04/2024
[Discovered by Y4tacker]