Vulnerabilities > Identicard > TWO Reader Controller Configuration Manager > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-09	CVE-2017-14973	Cross-site Scripting vulnerability in Identicard Two-Reader Controller Configuration Manager 1.18.8(396) IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). network low complexity identicard CWE-79	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.