appRain Quick Start Edition Core Edition Multiple Persistence Cross-Site Scripting Vulnerabilities.

SecPod Research Team member (Antu Sanadi) has found multiple persistence cross-site scripting vulnerabilities in appRain Quick Start Edition Core Edition. The vulnerability is caused by improper validation of various parameters. This may allow an attacker to steal cookie-based authentications or inject arbitrary HTML code and launch further attacks.

More information can be found here.