DOM-Based Cross-Site Scripting Vulnerability in Yonyou U8 Software
CVE-2022-26263

6.1 MEDIUM

Key Information:

Vendor: Yonyou

CVE Published: 25 March 2022

What is CVE-2022-26263?

Yonyou U8 version 13.0 is exposed to a DOM-based cross-site scripting (XSS) vulnerability through its WebHelp component. Malicious actors can exploit this flaw to inject harmful scripts into the web application, potentially compromising user data and session integrity. Attackers can manipulate the behavior of the application, leading to unauthorized access and data leakage. Users of Yonyou U8 should take the necessary precautions and apply security updates to mitigate the risks associated with this vulnerability.

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
