CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: PASSIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
AI Score
Confidence: High
EPSS
Percentile: 21.8%
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
Vendor | Product | Version | CPE |
---|---|---|---|
connx | esp_hr_management | * | cpe:2.3:a:connx:esp_hr_management:*:*:*:*:*:*:*:* |
[
  {
    "defaultStatus": "unaffected",
    "product": "ESP HR Management",
    "vendor": "ConnX",
    "versions": [
      {
        "lessThan": "6.6",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]