CVE-2022-46904

Name of the Vulnerable Software and Affected Versions WebSoft HCM version 2021.2.3.327

Description The issue arises from insufficient processing of user input, allowing an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser. This includes scripts in the JavaScript programming language, leading to Self-XSS.

Recommendations For WebSoft HCM version 2021.2.3.327, consider implementing proper input validation and sanitization to prevent the injection of arbitrary HTML tags. As a temporary workaround, restrict the ability to inject scripts in the JavaScript programming language to minimize the risk of Self-XSS exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.