Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022060033

Below is a copy:

WEB SITE Yas Arghavani System XSS
Yas Arghavani System Engineering Company "https://www.sys-yaas.com/", a provider of information technology services and payment by Bank Mellat, is an affiliate member of Bank Mellat Information Technology Holding and provides all banking services of this bank, which is one of the most important banks in the Islamic Republic. Iran.

Unfortunately, the company's website has two important security issues that hackers can easily steal sensitive information by stealing cookies.

 
Problem explanation:

This site uses jQuery 3.4.1, which is a completely outdated version of the well-known Cross-site scripting vulnerabilities such as
 
 CVE-2020-11022 with an average risk score of 5.5 according to the CVSSv3.1 Score
And
 CVE-2020-11023 has an average risk score of 4.1 according to the CVSSv3.1 Score
And allows the hacker to exploit the problem to access sensitive information and cookies
And it is necessary to immediately update to the latest version 3.6.0 to solve the "vulnerable" security problem of jQuery
 
Bootstrap 4.3.1 This site also needs to be updated
"Update to the latest version 4.6.1 to fix the" vulnerable "security issue immediately"

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.