An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25247
Reference (s):
- FULLDISC:20201006 Re: Navy Federal Reflective Cross Site Scripting (XSS)
- URL: http://seclists.org/fulldisclosure/2020/Oct/9
- https://seclists.org/fulldisclosure/2020/Sep/21