Lucene search
MitreCVELIST:CVE-2022-28985HistoryMay 20, 2022 - 1:43 a.m.
CVE-2022-28985
2022-05-2001:43:10
mitre
www.cve.org
3
stored xss
orangehrm v4.10.1
arbitrary web scripts
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
EPSS
0.001
Percentile
24.8%
A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
Related
nvd
nvd
CVE-2022-28985
2022-05-20 02:15:07
prion
prion
Cross site scripting
2022-05-20 02:15:00
osv
osv
CVE-2022-28985
2022-05-20 02:15:07
cnvd
cnvd
OrangeHRM Cross-Site Scripting Vulnerability (CNVD-2022-68518)
2022-05-24 00:00:00
cve
cve
CVE-2022-28985
2022-05-20 02:15:07
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
EPSS
0.001
Percentile
24.8%
Related for CVELIST:CVE-2022-28985