Abstract Advisory Information
Security issue affecting the product AXIOM from the company AXIOMSL (http://axiomsl.com). The web application (Google Web Toolkit module) is vulnerable to HTML injection attack into the scoping dashboard features. Vendor is informed about this vulnerability and the CVE ID is referenced into the release note of the product for the version vulnerable.
9.5.3 for sure and potentially version superior.
Common Vulnerability Scoring System
The issue will not be fixed, client must setup a fix using his infrastructure layer in front of the application (at Web Application Firewall level).
Vulnerability Disclosure Timeline
- 2015-07-01: Security note sent to AXIOMSL contact about the vulnerability.
- 2015-07-03: Acknowledge from AXIOMSL about reception of our note.
- 2015-07-06: Ask for CVE ID to MITRE.
- 2015-07-10: Received CVE ID from MITRE.
- 2015-07-24: Received information from AXIOMSL about non fixing.
- 2015-07-25: Creation of this advisory note.
- 2015-07-30: Ask to MITRE to publish CVE.