Persistent XSS in DHC Vision eQMS Product by DHC
CVE-2022-24957
5.4 MEDIUM
What is CVE-2022-24957?
DHC Vision eQMS versions up to 5.4.8.322 are susceptible to a Persistent Cross-Site Scripting (XSS) vulnerability stemming from inadequate encoding of untrusted inputs. An attacker can exploit this by creating or modifying an information object and embedding an XSS payload within its name. When another user accesses the object's version or history, the malicious script executes, potentially compromising sensitive data. This vulnerability highlights the critical need for robust input validation and output encoding practices to safeguard against unauthorized script execution.
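
The failure mode described above, as an added example that is not DHC Vision eQMS code: a hypothetical history view that writes a stored object name into markup unencoded, next to the same view with output encoding, plus a structural check usable as a regression test. All function names, the row template and the sample entries are assumptions constructed for illustration.

```javascript
// Added example: hypothetical history view, not the vendor's code.
// Constructed sample data: one ordinary name, two names carrying markup.
const SAMPLE_HISTORY = [
  { name: 'SOP-017 Cleaning Procedure', version: '1.0' },
  { name: '<script>alert(1)</script>', version: '1.1' },
  { name: 'x" onmouseover="alert(1)', version: '1.2' },
];

// Encode the characters that are significant in HTML text and quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so it is interpreted as HTML when another user opens the history.
function renderHistoryRowUnsafe(entry) {
  return `<tr><td title="${entry.name}">${entry.name}</td><td>${entry.version}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at output time,
// regardless of what validation ran when the object was saved.
function renderHistoryRowSafe(entry) {
  const name = encodeHtml(entry.name);
  return `<tr><td title="${name}">${name}</td><td>${encodeHtml(entry.version)}</td></tr>`;
}

// Structural check: a rendered row must contain only the template's own
// tags and its single title attribute. Anything else means stored data
// escaped its text or attribute context.
const ROW_TEMPLATE = /^<tr><td title="[^"<>]*">[^<>]*<\/td><td>[^<>]*<\/td><\/tr>$/;
function matchesRowTemplate(html) {
  return ROW_TEMPLATE.test(html);
}

// Return the versions whose rendered row breaks the template.
function auditRenderer(render, history = SAMPLE_HISTORY) {
  return history.filter((e) => !matchesRowTemplate(render(e))).map((e) => e.version);
}

console.log('unsafe renderer flags:', auditRenderer(renderHistoryRowUnsafe));
console.log('safe renderer flags:  ', auditRenderer(renderHistoryRowSafe));
```

The second sample name breaks out of the element context and the third out of the quoted attribute, which is why the encoder covers quotes as well as angle brackets.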
