exploitDog

CVE-2024-7269

Опубликовано: 28 авг. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.

Ссылки

https://cert.pl/en/posts/2024/08/CVE-2024-7269/
Third Party Advisory
https://cert.pl/posts/2024/08/CVE-2024-7269/
Third Party Advisory
https://connx.com.au/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:connx:esp_hr_management:*:*:*:*:*:*:*:*

Версия до 6.6 (исключая)

EPSS

Процентиль: 40%

0.00181

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-x928-8f88-6fjf

CVSS3: 5.4

github

больше 1 года назад

Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.

EPSS

Процентиль: 40%

0.00181

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79