CVE-2022-46906

Name of the Vulnerable Software and Affected Versions WebSoft HCM version 2021.2.3.327

Description The issue arises from insufficient processing of user input, allowing an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser. This includes scripts in the JavaScript programming language, leading to Reflected XSS.

Recommendations For WebSoft HCM version 2021.2.3.327, consider disabling the processing of user input that allows HTML tags until a patch is available. Restrict access to the affected pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.