We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability, an attacker has to be authenticated to the application that uses the "TOPqw Webportal" as a software. When authenticated, the attacker can persistently place the malicious JavaScript code in the "QWKalkulation" menu.'
Reserved 2024-09-11 | Published 2024-11-13 | Updated 2024-11-21 | Assigner mitrecyber.wtf/2024/11/11/topqw-webportal-cves/
Support options