Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
References
Link | Resource |
---|---|
https://cert.pl/en/posts/2024/08/CVE-2024-7269/ | Third Party Advisory |
https://cert.pl/posts/2024/08/CVE-2024-7269/ | Third Party Advisory |
https://connx.com.au/ | Product |
Configurations
History
19 Sep 2024, 14:37
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | () https://cert.pl/en/posts/2024/08/CVE-2024-7269/ - Third Party Advisory | |
References | () https://cert.pl/posts/2024/08/CVE-2024-7269/ - Third Party Advisory | |
References | () https://connx.com.au/ - Product | |
CPE | cpe:2.3:a:connx:esp_hr_management:*:*:*:*:*:*:*:* | |
First Time |
Connx
Connx esp Hr Management |
28 Aug 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-28 11:15
Updated : 2024-09-19 14:37
NVD link : CVE-2024-7269
Mitre link : CVE-2024-7269
CVE.ORG link : CVE-2024-7269
JSON object : View
Products Affected
connx
- esp_hr_management
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')