Key Information

Vulnerability Type
Stored XSS in Configuration Key Functionality

Severity
Moderate
CVSS v3 base metrics: 6.3/10

Affected Versions
Affected versions:

Connection page.
3. Open any existing connection and click Add configuration key.
4. Set any name and address, then intercept the request and add the following payload to the confKey parameter:
5. The new configuration key will be set.
6. (Optional) You can authorize another user to access this service. For the next step, I will use the admin user.
7. When the delete button (trash icon) is clicked next to the created connection, the payload will execute.

Impact
Impact: Stored cross-site scripting (XSS) vulnerability

Reporter
Reported by Alexey Kosmachev, Lead Pentester from Bi.Zone
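The steps above change confKey in the request after it has left the browser and the value only runs later, when the delete control is drawn, so the fix belongs in two places: server-side validation on write and output encoding on render. The following is an added example, not the affected product's code; the function names, the allowlist pattern and the button markup are assumptions, since the advisory does not show the rendering code.

```javascript
// Assumed policy: configuration keys are short identifiers. Adjust to the real key format.
const CONF_KEY_ALLOWED = /^[A-Za-z0-9_.-]{1,64}$/;

// Server-side check on write. It has to run on the server: the advisory's steps edit
// the request in transit, so any check done in the browser never sees the final value.
function validateConfKey(confKey) {
  if (typeof confKey !== 'string' || !CONF_KEY_ALLOWED.test(confKey)) {
    return { ok: false, error: 'confKey must match ' + CONF_KEY_ALLOWED };
  }
  return { ok: true, value: confKey };
}

// Encode for HTML text and quoted-attribute contexts.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Weak form (assumed sink): the stored key is concatenated into the delete control.
function renderDeleteControlUnsafe(confKey) {
  return '<button class="delete" title="Delete ' + confKey + '">Delete ' + confKey + '</button>';
}

// Hardened form: every interpolation is encoded, and the key travels in a data-
// attribute that a click handler can read as plain text (dataset / textContent).
function renderDeleteControlSafe(confKey) {
  const k = escapeHtml(confKey);
  return '<button class="delete" data-conf-key="' + k + '" title="Delete ' + k + '">Delete ' + k + '</button>';
}

// Constructed sample value containing markup characters; it is harmless and is
// not the payload from the advisory.
const SAMPLE = 'key"><i>constructed</i>';

console.log('accepted on write:', validateConfKey(SAMPLE).ok);
console.log('unsafe render:', renderDeleteControlUnsafe(SAMPLE));
console.log('safe render:  ', renderDeleteControlSafe(SAMPLE));
```

Keys stored before the validation was introduced never passed it, so the render-side encoding is what protects existing records.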