Vulnerability Type
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
(CWE-79)
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.
Impact
There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.