CVE-2024-7269 Vulnerability Details

CVE-2024-7269 Metadata Quick Info

CVE Published: 28/08/2024 | CVE Updated: 28/08/2024 | CVE Year: 2024
Source: CERT-PL | Vendor: ConnX | Product: ESP HR Management
Status: PUBLISHED

CVE-2024-7269 Description

Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or Cross-site Scripting)
Source: ConnX

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-592
CAPEC Description: CAPEC-592 Stored XSS


Source: NVD (National Vulnerability Database).