CVE-2022-3493

CWE-707CWE-79Cross-site Scripting (XSS)CWE-862Missing Authorization4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 44.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Human Resource Management SystemOretnom23 Human Resource Management System
Timeline
PublishedOct 13
Latest updateOct 20

Description

A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Human Resource Management System Add Employee cross site scripting2022-10-13
GHSA
GHSA-76cw-59x8-rvfm: A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 12022-10-13

📋Vendor Advisories

1
CISA
Linux Kernel Privilege Escalation Vulnerability2022-10-20
CVE-2022-3493 (MEDIUM CVSS 5.4) | A vulnerability | cvebase.io