Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3502

A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.

Published

2022-10-14T11:15:09.693

Last Modified

2024-11-21T07:19:39.890

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-707
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oretnom23	human_resource_management_system	1.0	Yes

References

https://github.com/draco1725/POC/blob/main/Exploit/Stored%20Xss Exploit, Third Party Advisory ([email protected])
https://vuldb.com/?id.210831 Permissions Required, Third Party Advisory ([email protected])
https://github.com/draco1725/POC/blob/main/Exploit/Stored%20Xss Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.210831 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)