CVE-2022-46904

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://news.websoft.ru/_wt/wiki_base/7175852133775323458	Vendor Advisory
https://news.websoft.ru/_wt/wiki_base/7175852133775323458	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:websoft:websoft_hcm:2021.2.3.327:*:*:*:*:*:*:*

History

21 Nov 2024, 07:31

Type	Values Removed	Values Added
References	~~() https://news.websoft.ru/_wt/wiki_base/7175852133775323458 - Vendor Advisory~~	() https://news.websoft.ru/_wt/wiki_base/7175852133775323458 - Vendor Advisory
Summary		(es) El procesamiento insuficiente de la entrada del usuario en WebSoft HCM 2021.2.3.327 permite que un atacante autenticado inyecte etiquetas HTML arbitrarias en la página procesada por el navegador del usuario, incluidos scripts en el lenguaje de programación JavaScript, lo que conduce a Self-XSS.

Information

Published : 2022-12-12 21:15

Updated : 2025-04-22 19:15

NVD link : CVE-2022-46904

Mitre link : CVE-2022-46904

CVE.ORG link : CVE-2022-46904

JSON object : View

Products Affected

websoft

websoft_hcm

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-46904", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-12-12T21:15:10.493", "references": [{"url": "https://news.websoft.ru/_wt/wiki_base/7175852133775323458", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://news.websoft.ru/_wt/wiki_base/7175852133775323458", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS."}, {"lang": "es", "value": "El procesamiento insuficiente de la entrada del usuario en WebSoft HCM 2021.2.3.327 permite que un atacante autenticado inyecte etiquetas HTML arbitrarias en la p\u00e1gina procesada por el navegador del usuario, incluidos scripts en el lenguaje de programaci\u00f3n JavaScript, lo que conduce a Self-XSS."}], "lastModified": "2025-04-22T19:15:51.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:websoft:websoft_hcm:2021.2.3.327:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "390018F6-BE70-491B-85F9-04DC97EE7C5E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}