Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform

Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can upload a malicious SVG file containing a script payload to a campaign. When another user views this image on the public LMT microsite, the script executes, which can lead to session hijacking, data theft, or other unauthorized actions.This issue affects Customer Engagement & Loyalty Platform before 4.617.4.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Perx Customer Engagement & Loyalty Platform 安全漏洞

Perx Customer Engagement & Loyalty Platform是新加坡Perx公司的一个客户参与活动平台。 Perx Customer Engagement & Loyalty Platform 4.617.4之前版本存在安全漏洞，该漏洞源于SVG文件上传清理不当，可能导致存储型跨站脚本攻击。

N/A

N/A