PT-2022-21100 · Unknown · Arox School Erp Pro

Jc175

Published

2022-07-15

Updated

2022-07-22

CVE-2022-32118

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Arox School ERP Pro version 1.0

Description A cross-site scripting (XSS) issue was found in Arox School ERP Pro via the dispatchcategory parameter in backoffice.inc.php. This allows for potential malicious script execution.

Recommendations For Arox School ERP Pro version 1.0, consider restricting access to the dispatchcategory parameter in backoffice.inc.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-32118

Affected Products

Arox School Erp Pro

PT-2022-21100 · Unknown · Arox School Erp Pro

CVE-2022-32118

Weakness Enumeration

Related Identifiers

Affected Products

References · 5