216.73.217.64

CVE-2024-7269

· Published 28/08/2024 11:15 · Modified 19/09/2024 14:37

Labels: CVE-2024-7269 2024-08-28CVE-2024-7269CWE-79[email protected]

Essential information

Published
28/08/2024 11:15
Modified
19/09/2024 14:37
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
connx / esp hr management cpe:2.3:a:connx:esp_hr_management:*:*:*:*:*:*:*:*

References