CVE-2024-7269

EUVD-2024-48215
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
connxesp_hr_management
𝑥
< 6.6
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
connxesp_hr_management
𝑥
< 6.6
ADP
Common Weakness Enumeration
References
https://cert.pl/en/posts/2024/08/CVE-2024-7269/
https://cert.pl/posts/2024/08/CVE-2024-7269/
https://connx.com.au/