EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry.
References
| Link | Resource |
|---|---|
| https://eusanctions.integrityline.com | Product Third Party Advisory |
| https://packetstormsecurity.com/files/167706/EQS-Integrity-Line-Cross-Site-Scripting-Information-Disclosure.html | Exploit Third Party Advisory VDB Entry |
| https://seclists.org/fulldisclosure/2022/Jul/1 | Exploit Mailing List Third Party Advisory |
| https://whistleblowingnetwork.org/Our-Work/Spotlight/Stories/The-Pitfalls-of-Closed-Source-Whistleblowing-Softw | Third Party Advisory |
| https://www.integrityline.com/ | Vendor Advisory |
| https://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-07-07 12:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-34007
Mitre link : CVE-2022-34007
CVE.ORG link : CVE-2022-34007
JSON object : View
Products Affected
eqs
- integrity_line
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')