Vulnerabilities (CVE)

Filtered by vendor Sra-admin Project Subscribe
Filtered by product Sra-admin
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-39301 1 Sra-admin Project 1 Sra-admin 2024-02-28 N/A 5.4 MEDIUM
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds.