Products
ConnX ESP HR Management
- before 6.6
Source
cvd@cert.pl
Tags
CVE-2024-7269 details
Published : Aug. 28, 2024, 11:15 a.m.
Last Modified : Aug. 28, 2024, 12:57 p.m.
Last Modified : Aug. 28, 2024, 12:57 p.m.
Description
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
References
| URL | Source |
|---|---|
| https://cert.pl/en/posts/2024/08/CVE-2024-7269/ | cvd@cert.pl |
| https://cert.pl/posts/2024/08/CVE-2024-7269/ | cvd@cert.pl |
| https://connx.com.au/ | cvd@cert.pl |
This website uses the NVD API, but is not approved or certified by it.