An unrestricted file upload vulnerability has been identified in Repbox. It allows an attacker to upload malicious files via the transforamationfileupload function because proper file type validation controls are missing, resulting in a full system compromise. HCL Compass is vulnerable due to a lack of file upload security. Manipulation of the filename argument leads to unrestricted upload. Users are advised to upgrade to this version or later to secure their systems against this threat. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
nest...