{"uuid": "a0fb044e-d53f-4572-9d6f-7d750151c3c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7570", "type": "seen", "source": "https://t.me/cibsecurity/16637", "content": "\u203c CVE-2020-7570 \u203c\n\nA CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-20T00:41:57.000000Z"}