The Unrestricted File Upload leading to Stored Cross-Site Scripting (XSS) vulnerability is a security issue identified within the web application. This vulnerability arises due to a lack of proper input validation in the file upload functionality.
Attackers can upload a malicious file containing JavaScript code that enables them to hijack the admin session, which is already stored in the local storage. This breach could result in an account takeover of the admin account, granting them full access to administrator functionalities.
Install the latest version of the NCR Teller web app.