exploitDog

CVE-2022-46905

Опубликовано: 12 дек. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.

Ссылки

https://news.websoft.ru/_wt/wiki_base/7175852393019676262
Vendor Advisory
https://news.websoft.ru/_wt/wiki_base/7175852393019676262
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:websoft:websoft_hcm:2021.2.3.327:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.022

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-qcgv-jc82-m3g3

CVSS3: 6.1

github

около 3 лет назад

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.

EPSS

Процентиль: 84%

0.022

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79