CVE-2022-46904

2022-12-1200:00:00

mitre

www.cve.org

websoft hcm

user input

html tags

self-xss

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user’s browser, including scripts in the JavaScript programming language, which leads to Self-XSS.

References

news.websoft.ru/_wt/wiki_base/7175852133775323458