Description
Due to a lack of overall input validation, an authenticated user can inject basic JavaScript Cross Site Scripting payloads into the recipient name of WebDictate to create a stored XSS condition.
Vulnerability type
Cross Site Scripting (XSS)
Vendor
NCH Software
Affected versions
WebDictate 2.13 and earlier
Attack type
Remote
Authenticated
Yes
Attack vectors
Recipient name