PT-2022-17160 · Unknown · Money Transfer Management System

Oscar Uribe

Published

2022-03-23

Updated

2022-03-29

CVE-2022-25221

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Money Transfer Management System version 1.0

Description The issue allows an attacker to inject JavaScript code in the URL, which can then be used to trick a user into visiting the link and executing the JavaScript code.

Recommendations For Money Transfer Management System version 1.0, consider disabling JavaScript execution in URLs as a temporary workaround until a patch is available. Restrict access to URLs that may contain malicious JavaScript code to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-25221

Affected Products

Money Transfer Management System

PT-2022-17160 · Unknown · Money Transfer Management System

CVE-2022-25221

Weakness Enumeration

Related Identifiers

Affected Products

References · 3