Vulnerability Details CVE-2018-17288
Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2018-17288
-
cpe:2.3:a:kofax:front_office_server:4.1.1.11.0.5212