Compliance Impact

The stored cross-site scripting (XSS) vulnerability in IngEstate Server v11.14.0 allows attackers to execute arbitrary scripts in the browsers of users who view compromised content. This can lead to session hijacking, credential theft, and unauthorized actions performed on behalf of victims.

Such impacts can compromise the confidentiality and integrity of user data, which are critical requirements under common standards and regulations like GDPR and HIPAA. Specifically, unauthorized access to personal or sensitive information due to this vulnerability could result in non-compliance with data protection and privacy obligations.

Therefore, organizations using the affected software may face increased risk of violating these regulations if the vulnerability is exploited and not properly mitigated.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-30082 is a stored cross-site scripting (XSS) vulnerability found in IngEstate Server version 11.14.0. It affects the Edit feature on the Software Package List page, where an authenticated user can inject malicious JavaScript code into parameters such as "About application," "What's news," or "Release note."

Once the malicious script is injected, it is stored on the server and executed automatically in the browsers of other users who view these sections, allowing attackers to run arbitrary web scripts or HTML.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows attackers to execute arbitrary JavaScript code in the browsers of users who view the compromised Software Package information. This can lead to serious security issues such as session hijacking, credential theft, and unauthorized actions performed on behalf of the victim.

All users who access the affected sections of the IngEstate Server are at risk if the vulnerability is exploited.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking for malicious JavaScript payloads injected into the parameters "About application," "What's news," or "Release note" on the Software Package List page of IngEstate Server v11.14.0.

Specifically, monitoring or inspecting API requests to the endpoint `PUT /emgui/rest/appDatasheet//?full=true` for suspicious payloads can help identify exploitation attempts.

Commands to detect this might include using web proxy tools or curl to fetch and inspect the content of these parameters for injected scripts.

• Use curl to retrieve the Software Package List page and search for suspicious script tags or payloads: `curl -k -u <user>:<password> https://<server>/emgui/rest/appDatasheet//?full=true`
• Use web application security scanners or proxy tools (e.g., Burp Suite, OWASP ZAP) to intercept and analyze requests to the Edit feature and look for injected JavaScript.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the Edit feature on the Software Package List page to trusted and authenticated users only.

Additionally, review and sanitize all inputs to the "About application," "What's news," and "Release note" parameters to prevent injection of malicious scripts.

If possible, apply any available patches or updates from the vendor addressing this vulnerability.

As a temporary measure, monitor and audit logs for suspicious activity related to the API endpoint `PUT /emgui/rest/appDatasheet//?full=true`.

Useful 0 Not Useful 0