Vulnerability CVE-2022-23861


Published: 2024-10-22   Modified: 2024-10-23

Description:
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.

 References:
https://ysoft.com
https://github.com/mbadanoiu/CVE-2022-23861
https://github.com/mbadanoiu/CVE-2022-23861/blob/main/SafeQ%20-%20CVE-2022-23861.pdf

Copyright 2024, cxsecurity.com

 

Back to Top