CVE-2024-7269

Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:connx:esp_hr_management:*:*:*:*:*:*:*:*

History

19 Sep 2024, 14:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://cert.pl/en/posts/2024/08/CVE-2024-7269/ - () https://cert.pl/en/posts/2024/08/CVE-2024-7269/ - Third Party Advisory
References () https://cert.pl/posts/2024/08/CVE-2024-7269/ - () https://cert.pl/posts/2024/08/CVE-2024-7269/ - Third Party Advisory
References () https://connx.com.au/ - () https://connx.com.au/ - Product
CPE cpe:2.3:a:connx:esp_hr_management:*:*:*:*:*:*:*:*
First Time Connx
Connx esp Hr Management
Summary
  • (es) La vulnerabilidad de Neutralización Incorrecta de Entradas durante la Generación de Páginas Web en el formulario "Actualización de Datos Personales" en ConnX ESP HR Management permite un ataque XSS Almacenado. Un atacante podría inyectar un script para que se ejecute en el navegador del usuario. Después de varios intentos de contactar al proveedor, no recibimos ninguna respuesta. El investigador proporcionó la información de que este problema afecta a las versiones de ESP HR Management anteriores a la 6.6.

28 Aug 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-28 11:15

Updated : 2024-09-19 14:37


NVD link : CVE-2024-7269

Mitre link : CVE-2024-7269

CVE.ORG link : CVE-2024-7269


JSON object : View

Products Affected

connx

  • esp_hr_management
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')