CVE-2022-3497

CWE-707 CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 54.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Human Resource Management System Oretnom23 Human Resource Management System

Timeline

PublishedOct 14

Description

A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/human_resource_management_system1.0

▶NVDoretnom23/human_resource_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-jw99-6632-r82h: A vulnerability was found in SourceCodester Human Resource Management System 1↗2022-10-14

▶

CVEList

SourceCodester Human Resource Management System Master List cross site scripting↗2022-10-14

▶