PT-2022-28004 · Websoft · Websoft Hcm
Published
2022-12-12
·
Updated
2025-04-22
·
CVE-2022-46905
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WebSoft HCM version 2021.2.3.327
Description
Insufficient processing of user input in WebSoft HCM allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.
Recommendations
For version 2021.2.3.327, update to a version that properly processes user input to prevent the injection of arbitrary HTML tags.
As a temporary workaround, consider restricting user input to prevent the injection of malicious scripts until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Websoft Hcm