Stored Cross Site Scripting in Sofico Miles RIA


Stored Cross Site Scripting


Sofico Miles RIA

Vulnerable Version

2020.2 build 127964T

Fixed Version

2020.2 build 128076 or higher

CVE Number







Oualid Lkhaouni (Office Bochum)

The software Sofico Miles RIA 2020.2 is vulnerable to a persistent cross-site scripting vulnerability. The vulnerability exists due to insufficient input validation in the application.

Vendor description

"Sofico is the world’s leading supplier of mission-critical software solutions for automotive finance, leasing, fleet, and mobility management companies, and its software is used by a broad range of renowned leasing companies all over the world."


Business recommendation

SEC Consult recommends updating to the latest version of Sofico Miles RIA.

An in-depth security analysis performed by security professionals is highly advised, as the software may be affected from further security issues.

Vulnerability overview/description

1) Stored Cross Site Scripting (CVE-2021-41557) 

Miles RIA is a software solution by Sofico that allows leasing companies to manage their leasing services on a single platform.

The Miles RIA application is vulnerable to Stored Cross-Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a malicious work order in the damage reports section or change existing work orders with malicious JavaScript. 

Proof of concept

1) Stored Cross Site Scripting (CVE-2021-41557)

The following payload can be used for the insecure work order number parameter of pending work orders in the damage reports section to inject and execute malicious JavaScript in the context of the victim. Once the victim visits the malicious work order, the attacker-controlled input gets reflected in the lower left context menu of the loaded webpage:

1000 <img src=x onerror=alert(document.domain)>

This JavaScript code will then automatically get executed when the site, which contains the payload, is visited by the victim.

Vulnerable / tested versions

The following software version has been tested and found to be vulnerable:

  • Miles RIA 2020.2 build 127964T

It is unknown whether previous versions are affected, as the vendor did not supply this information.

Vendor contact timeline

2021-07-26 Contacting vendor through; No answer.
2021-08-24 Contacting vendor through; No answer.
2021-09-21 Contacting vendor through and; No answer.
2021-11-04 Informing vendor about public advisory release on 9th November 2021.
2021-11-08 Received info from 3rd party about patches.
2021-11-24 Informing vendor about public advisory release on 29th November 2021.
2021-11-24 Received more detailed info from 3rd party about patches.
2021-12-01 Coordination call with vendor.
2021-12-13 Coordinated release of security advisory.


The vendor provides patches for the affected product versions:

  • Miles RIA 2020.2 build 128076 or higher



Advisory URL


EOF Oualid Lkhaouni / @2021