cbcvebase.
CVE-2023-0322
published 2023-03-15

CVE-2023-0322: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue…

PriorityP422medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.37%
29.0th percentile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376.

Affected

8 ranges
VendorProductVersion rangeFixed in
gpacgpac>= 0 < 0.5.0+svn4288~dfsg1-4ubuntu1+esm20.5.0+svn4288~dfsg1-4ubuntu1+esm2
gpacgpac>= 0 < 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm20.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2
gpacgpac>= 0 < 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm10.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1
gpacgpac>= 0 < 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm20.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2
gpacgpac>= 0 < 2.0.0+dfsg1-2ubuntu0.1~esm22.0.0+dfsg1-2ubuntu0.1~esm2
gpacgpac>= 0 < 2.2.1+dfsg1-3.1ubuntu0.1~esm22.2.1+dfsg1-3.1ubuntu0.1~esm2
talent_softwareunis< 2837628376
talentyazilimunis< 2837628376

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv7.7HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.