CVE-2024-7269

Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack.An attacker might inject a script to be run in user's browser.After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information thatthis issue affects ESP HR Management versions before 6.6.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CERT-PLCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
connxesp_hr_management
𝑥
< 6.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.pl/en/posts/2024/08/CVE-2024-7269/
https://cert.pl/posts/2024/08/CVE-2024-7269/
https://connx.com.au/