Cross-Site Scripting in EPSON EPS TSE Server 8
CVE-2020-28930
5.4MEDIUM
What is CVE-2020-28930?
A vulnerability exists in the EPSON EPS TSE Server 8 (21.0.11), where an authenticated attacker can exploit the 'update user' and 'delete user' functionalities in the settings/users.php page. This can lead to the injection of harmful JavaScript payloads that execute within the context of the administrator's session, potentially compromising sensitive admin controls and user data.
