PT-2024-11525 · Ysoft · Y Soft Safeq

Marian-Razvan Ilisanu · Published 2024-10-22 · Updated 2024-11-01 · CVE-2022-23861

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Y Soft SAFEQ version 6 Build 53

Description

Multiple Stored Cross-Site Scripting issues were discovered in the YSoft SafeQ web application. The lack of output sanitization in multiple fields allows for the injection of malicious inputs, resulting in the execution of arbitrary JS code. These fields can be used to perform XSS attacks on legitimate users accessing the SafeQ web interface.

Recommendations

For Y Soft SAFEQ version 6 Build 53, consider disabling the web application's fields that allow user input until a patch is available to prevent the injection of malicious code. Restrict access to the SafeQ web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-23861

Affected Products

Y Soft Safeq