An XFS (cross-frame scripting) vulnerability was found in the NeoMind Fusion Platform. When we requested the URI /fusion/portal/action/Link?link=<Link>, we found that the link parameter was reflected in an iframe without any kind of sanitization, as we can see below.

So we tried to use path traversal to access a page, and it returned an Apache Tomcat default page.

Furthermore, it was possible to access an external URL as well.
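
The server-side check that was missing for the link parameter, as an added example (not NeoMind's code and not part of the original report). The function name, the allowed prefix and the sample paths are assumptions, and the sketch assumes framed pages are addressed by path only:

```python
from urllib.parse import quote, unquote, urlsplit

# Assumption: everything the portal legitimately frames lives under this
# prefix and is addressed by path only. The prefix is hypothetical.
ALLOWED_PREFIXES = ("/fusion/portal/",)
MAX_DECODE_ROUNDS = 3


def safe_frame_target(link):
    """Return a same-origin path safe to place in the iframe src, or None."""
    if not link:
        return None
    # Decode until stable so double encoding (%252e%252e) cannot hide "..".
    decoded = link
    for _ in range(MAX_DECODE_ROUNDS):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return None  # still changing after the last round: refuse
    # Browsers read "\" as "/" and strip tabs/newlines; refuse all controls.
    if "\\" in decoded or any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return None
    try:
        parts = urlsplit(decoded)
    except ValueError:
        return None
    # A scheme or an authority ("http://host", "//host") means another origin.
    if parts.scheme or parts.netloc:
        return None
    segments = parts.path.split("/")
    if ".." in segments or "." in segments:
        return None
    if not parts.path.startswith(ALLOWED_PREFIXES):
        return None
    # Emit the checked path itself, re-encoded; the query string is dropped.
    return quote(parts.path)


if __name__ == "__main__":
    # Constructed inputs mirroring the requests described above.
    for sample in ("/fusion/portal/action/Home", "/fusion/portal/../../",
                   "/fusion/portal/%252e%252e/", "https://example.com/"):
        print(repr(sample), "->", safe_frame_target(sample))
```

The iframe src should be built from the returned value, never from the raw parameter, and a None result should produce an error page instead of a frame.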
