NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15032
Reference (s):
- https://gist.github.com/p4nk4jv/68ae8b773dbea6d8769295ba96d9f1e3
- https://www.nedi.ch/download/