CVE-2022-39301

Name of the Vulnerable Software and Affected Versions sra-admin version 1.1.1

Description sra-admin is a background rights management system that separates the front and back end. It has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information.

Recommendations For sra-admin version 1.1.1, update to version 1.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the "Profile Picture Upload" feature in the "Personal Center" to minimize the risk of exploitation.