CVE-2022-23861

Published: Oct 22, 2024Modified: Nov 1, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.

Affected (1)

Products: Ysoft: Safeq

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ysoft Safeq	Version 6.0 build53

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (3)

https://github.com/mbadanoiu/CVE-2022-23861

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/mbadanoiu/CVE-2022-23861/blob/main/SafeQ%20-%20CVE-2022-23861.pdf

Source: cve@mitre.org

Exploit

https://ysoft.com

Source: cve@mitre.org

Product

Timeline

No history available yet.