CVE-2022-43342

Name of the Vulnerable Software and Affected Versions Eramba GRC Software version c2.8.1

Description A stored cross-site scripting (XSS) issue in the Add function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. This enables attackers to potentially manipulate the web application's behavior.

Recommendations For Eramba GRC Software version c2.8.1, consider restricting access to the Add function until a patch is available. As a temporary workaround, avoid using the KPI Title text field for input that may contain malicious scripts. At the moment, there is no information about a newer version that contains a fix for this issue.