A stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. (CVE-2022-27880)
Impact
An authenticated attacker may exploit this vulnerability by storing malicious HTML or JavaScript code in the Traffix SDC Configuration utility. If successful, an attacker can run JavaScript in the context of the currently logged-in user.