PT-2023-13423 · Vermeg · Vermeg Agilereporter
Crashpark
·
Published
2023-10-27
·
Updated
2023-11-08
·
CVE-2022-34834
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
VERMEG AgileReporter version 21.3
Description
An issue was discovered in VERMEG AgileReporter where attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.
Recommendations
For VERMEG AgileReporter version 21.3, consider disabling the Add Comment action to the Activity log until a patch is available to prevent exploitation via XSS payload.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vermeg Agilereporter