CVE-2022-33043

Name of the Vulnerable Software and Affected Versions Urtracker Premium version 4.0.1.1477

Description A cross-site scripting (XSS) vulnerability in the batch add function allows attackers to execute arbitrary web scripts or HTML via a crafted excel file.

Recommendations For Urtracker Premium version 4.0.1.1477, consider disabling the batch add function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the batch add functionality to minimize the risk of arbitrary web script or HTML execution. Avoid using crafted excel files in the batch add function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.