PT-2022-22465 · Sourcecodester · Sourcecodester Human Resource Management System

Gaurav Bhatia

Published

2022-10-14

Updated

2023-12-28

CVE-2022-3497

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Human Resource Management System version 1.0

Description A vulnerability was found in the Master List component, where the manipulation of the city, state, country, or position argument leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For SourceCodester Human Resource Management System version 1.0, consider restricting the input for the city, state, country, and position arguments to prevent cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Neutralization

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-707CWE-79

Related Identifiers

CVE-2022-3497

Affected Products

Sourcecodester Human Resource Management System

PT-2022-22465 · Sourcecodester · Sourcecodester Human Resource Management System

CVE-2022-3497

Weakness Enumeration

Related Identifiers

Affected Products

References · 3