Source |
IT Security Guru |
Identifiant |
1644428 |
Date de publication |
2020-04-09 09:59:45 (vue: 2020-04-09 10:08:40) |
Titre |
Procurement solution used by government bodies found to contain zero-day bug |
Texte |
A zero-day cross-site scripting vulnerability has been discovered in BuySpeed, an automated procure-to-pay tool from Periscope Holdings, a provider of procurement software solutions for public-sector entities and their suppliers. The flaw, found in BuySpeed version 14.5, “could allow a local, authenticated attacker to store arbitrary JavaScript within the application,” warns a vulnerability advisory from the […]
|
Envoyé |
Oui |
Condensat |
advisory allow appeared application arbitrary attacker authenticated automated been bodies bug buyspeed contain cross day discovered entities first flaw found from government guru has holdings javascript local pay periscope post procure procurement provider public scripting sector security site software solution solutions store suppliers tool used version vulnerability warns within zero “could |
Tags |
Tool
Vulnerability
|
Stories |
|
Notes |
|
Move |
|