CVE-2022-24957

Name of the Vulnerable Software and Affected Versions DHC Vision eQMS versions 5.4.8.322 and earlier

Description The issue is related to insufficient encoding of untrusted input/output, leading to Persistent XSS. To exploit this, an attacker must create or edit a new information object, using the XSS payload as the name. Any user who opens the object's version or history tab will be attacked.

Recommendations For versions 5.4.8.322 and earlier, as a temporary workaround, consider restricting the ability to create or edit information objects to prevent the introduction of XSS payloads. Additionally, limit access to the version and history tabs of information objects until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.