PT-2025-37397
Description

Name of the Vulnerable Software and Affected Versions: Yida ECMS Consulting Enterprise Management System version 1.0

Description: A cross-site scripting issue exists in Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is located in the POST Request Handler component, specifically within the /login.do API endpoint. Manipulation of the requestUrl parameter allows for the execution of malicious scripts. The exploit has been publicly disclosed.

Recommendations: As a temporary workaround, consider restricting access to the /login.do API endpoint until a fix is available. Sanitize the requestUrl parameter to prevent the injection of malicious…
