CVE-2022-46906

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://news.websoft.ru/_wt/wiki_base/7175852586100985308	Vendor Advisory
https://news.websoft.ru/_wt/wiki_base/7175852586100985308	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:websoft:websoft_hcm:2021.2.3.327:*:*:*:*:*:*:*

History

21 Nov 2024, 07:31

Type	Values Removed	Values Added
References	~~() https://news.websoft.ru/_wt/wiki_base/7175852586100985308 - Vendor Advisory~~	() https://news.websoft.ru/_wt/wiki_base/7175852586100985308 - Vendor Advisory
Summary		(es) El procesamiento insuficiente de la entrada del usuario en WebSoft HCM 2021.2.3.327 permite a un atacante autenticado inyectar etiquetas HTML arbitrarias en la página procesada por el navegador del usuario, incluidos scripts en el lenguaje de programación JavaScript, lo que conduce a XSS reflejado.

Information

Published : 2022-12-12 21:15

Updated : 2025-04-22 20:15

NVD link : CVE-2022-46906

Mitre link : CVE-2022-46906

CVE.ORG link : CVE-2022-46906

JSON object : View

Products Affected

websoft

websoft_hcm

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-46906", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-12-12T21:15:10.597", "references": [{"url": "https://news.websoft.ru/_wt/wiki_base/7175852586100985308", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://news.websoft.ru/_wt/wiki_base/7175852586100985308", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS."}, {"lang": "es", "value": "El procesamiento insuficiente de la entrada del usuario en WebSoft HCM 2021.2.3.327 permite a un atacante autenticado inyectar etiquetas HTML arbitrarias en la p\u00e1gina procesada por el navegador del usuario, incluidos scripts en el lenguaje de programaci\u00f3n JavaScript, lo que conduce a XSS reflejado."}], "lastModified": "2025-04-22T20:15:26.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:websoft:websoft_hcm:2021.2.3.327:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "390018F6-BE70-491B-85F9-04DC97EE7C5E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}