Full title: ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting Vulnerability Category: web applications Platform: php ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameters query and application is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site. # 0day.today @ http://0day.today/