SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0. Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24662 Reference (s):
- https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md
- https://www.accenture.com