CVE-2022-23861

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.

Configurations

Configuration 1

cpe:2.3:a:ysoft:safeq:6.0:build53:*:*:*:*:*:*

History

01 Nov 2024, 14:19

Type | Values Removed | Values Added
CPE | cpe:2.3:a:ysoft:safeq:6.0:build_53:*:*:*:*:*:* | cpe:2.3:a:ysoft:safeq:6.0:build53:*:*:*:*:*:*

30 Oct 2024, 15:49

Type | Values Removed | Values Added
References | () https://github.com/mbadanoiu/CVE-2022-23861 - | () https://github.com/mbadanoiu/CVE-2022-23861 - Exploit, Third Party Advisory
References | () https://github.com/mbadanoiu/CVE-2022-23861/blob/main/SafeQ%20-%20CVE-2022-23861.pdf - | () https://github.com/mbadanoiu/CVE-2022-23861/blob/main/SafeQ%20-%20CVE-2022-23861.pdf - Exploit
References | () https://ysoft.com - | () https://ysoft.com - Product
CVSS | v2 : unknown, v3 : 6.1 | v2 : unknown, v3 : 5.4
CPE | | cpe:2.3:a:ysoft:safeq:6.0:build_53:*:*:*:*:*:*
First Time | | Ysoft safeq, Ysoft

23 Oct 2024, 15:12

Type | Values Removed | Values Added
Summary | | (es) Multiple stored cross-site scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Several fields in the YSoft SafeQ web application can be used to inject malicious input that, due to a lack of output sanitization, results in the execution of arbitrary JS code. These fields can be leveraged to carry out XSS attacks against legitimate users accessing the SafeQ web interface.

22 Oct 2024, 19:35

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 6.1
CWE | | CWE-79

22 Oct 2024, 16:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-10-22 16:15

Updated : 2024-11-01 14:19


NVD link : CVE-2022-23861

Mitre link : CVE-2022-23861

CVE.ORG link : CVE-2022-23861



Products Affected

ysoft

  • safeq

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')