A Reflected Cross Site Scripting vulnerability was found in the atksearch[contractnumber], atksearch_AE_customer[customer] and atksearchmode[contracttype] variables within the 'Organisation Contracts' administration page. This is because the application does not properly sanitise the users input.
CVE Link
Exploit Type - Old
Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
Exploit Type
Product Name