[Discoverer]
@herwonowr < Herwono W. Wijaya >
[CVE ID]
CVE-2018-13252
[Description]
Entrust Datacard
Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
ENTRUST DATACARD CORPORATION
[Affected Product Code Base]
Syntera CS - 5.x -https://www.datacard.com/manufacturing-efficiency-software-support/syntera-cs
[Affected Component]
Syntera CS
[Attack Type]
Remote
[Impact Code execution]
True
[Attack Vectors]
Remote