Critical
CVSS 9.8
Overview
A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data.
CVE-2020-26799
A reflected cross-site scripting (XSS) vulnerability was discovered in index.php...
Risk analysis
This vulnerability is rated 🔴 CRITICAL.
- CVSS: 9.8 (CRITICAL)
- Detected tags: unauth_access, xss (tag impact: HIGH)
Recommended actions:
- Enforce authentication/authorization; reduce default endpoint exposure.
- Apply context-aware output encoding.
- Enable Content-Security-Policy and HttpOnly/SameSite cookies.