|Qualys Private Cloud Platform (PCP)
|NVD Risk Rating
|Qualys Risk Rating
|CVSSv3.1 Vector (Base)
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details.
Customers should upgrade Qualys Private Cloud Platform to a minimum version of 10.24.0.0.
Qualys has assessed the exploit and believes the risk to be (Moderate) for the following reasons:
Frank Cozijnsen of the KPN REDteam