PT-2022-17930 · Eova · Eova

Lyf123Lyf · Published 2022-03-20 · Updated 2022-03-28 · CVE-2022-26555

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Eova version 1.6.0

Description

A stored cross-site scripting issue in the Add a Button function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box.

Recommendations

For Eova version 1.6.0, as a temporary workaround, consider disabling the Add a Button function until a patch is available. Restrict access to the button name text box to minimize the risk of exploitation. Avoid using the button name text box in the affected function until the issue is resolved.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-26555

Affected Products

Eova