Multiple Cross-Site Scripting vulnerabilities have been found in Cantemo Portal™. A successful exploit could lead to users with access to the system obtaining more access than granted, including admin access. Depending on system configuration, an attacker can also potentially execute arbitrary code on the server running Cantemo Portal.
Cantemo has released software updates that address these vulnerabilities. There are currently no workarounds that address these vulnerabilities, and we recommend that all customers upgrade to the latest applicable version.
We would like to thank Chris Davis from Bishop Fox for reporting and working with us to mitigate this issue.
Affected Products: Cantemo Portal
- Cantemo Portal 3.2.13
- Cantemo Portal 3.3.8
- Cantemo Portal 3.4.9