Multiple stored XSS vulnerabilities exist in the LinkOne application, allowing multiple web attacks and the theft of sensitive information.
When an error happens during the query operation in the application due to a misconfiguration in the web server configuration file, debug mode in LinkOne application is activated and shows the full path of the directory.
The LinkOne application is lacking HTTP Headers, allowing an attacker to retrieve sensitive information.
Misconfiguration in the ASP server causes server and ASP.net information to be shown. An attacker can use this information as a reconnaissance for further exploitation.
Refer to the vendor website for the mitigations and patch updates here.