A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.
An authenticated high-privileged user must go to the "Rules" page, fill in all the required fields, and insert the XSS payload into the Rule name and the Parameter subject fields. Once the rule has been saved, the JavaScript code is executed when the "Execute Now" button is clicked.
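The pattern behind this class of bug, stored field values echoed into a page unchanged, shown next to context-aware output encoding. This is an added example, not WorldServer code and not part of the original advisory; the rule object, field names, templates and sample values are constructed assumptions.

```javascript
// Hypothetical model of a page that echoes a stored rule back after "Execute Now".
// Constructed sample record, as it would sit in storage after the rule is saved.
const storedRule = {
  name: 'Nightly <script>alert(1)</script>',
  parameterSubject: 'Status "ready" & <b>done</b>',
};

// Encode for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Encode for an inline <script> string context: JSON-quote the value, then
// neutralise characters that could close the script element or end the line.
function escapeJsString(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Vulnerable pattern: stored values concatenated into markup unchanged.
function renderResultUnsafe(rule) {
  return '<h2>Executed rule: ' + rule.name + '</h2>' +
         '<input name="subject" value="' + rule.parameterSubject + '">';
}

// Hardened pattern: each value is encoded for the context it lands in.
function renderResultSafe(rule) {
  return '<h2>Executed rule: ' + escapeHtml(rule.name) + '</h2>' +
         '<input name="subject" value="' + escapeHtml(rule.parameterSubject) + '">' +
         '<script>var ruleName = ' + escapeJsString(rule.name) + ';</script>';
}

// Regression check: true when neither stored value appears verbatim in the output.
function isNeutralised(html, rule) {
  return !html.includes(rule.name) && !html.includes(rule.parameterSubject);
}
```

Encoding at output covers records that were stored before any input validation was added, which is why it is the primary control for stored XSS.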
Discovered by Nikita Hrab, July 2024
References: https://www.trados.com/product/worldserver/