

Get the info, find the issues and pro-actively fix them. LsAgent is a small, lightweight application that you can install on your Windows, Mac & Linux devices. So far, im enjoying the features that come free with it. cpe:2.3:a:lansweeper:lansweeper:9.1.20. Lansweeper is an IT Asset Management solution that gathers hardware and software information.A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. The vulnerability exists due to insufficient sanitization of user-supplied data in the WebUserActions.aspx functionality. Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. The vulnerability exists due to insufficient sanitization of user-supplied data within the user edits. Is there known malware, which exploits this vulnerability?

The vulnerability exists due to insufficient sanitization of user-supplied data within the creation of dashboard tabs. The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
