92 matches found
PT-2022-28003 · Websoft · Websoft Hcm
Name of the Vulnerable Software and Affected Versions: WebSoft HCM version 2021.2.3.327 Description: The issue arises from insufficient processing of user input, allowing an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser. This includes scripts i...
CVE-2022-46905
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...
CVE-2022-46906
CVE-2022-46906 affects WebSoft HCM 2021.2.3.327. The root cause is insufficient processing of user input, allowing an authenticated attacker to inject arbitrary HTML tags (including JavaScript) into pages processed by the user’s browser, resulting in Reflected XSS. In the linked sources, the CVE ...
CVE-2022-46905
CVE-2022-46905 affects WebSoft HCM 2021.2.3.327. The vulnerability stems from insufficient processing of user input, enabling an unauthenticated attacker to inject arbitrary HTML tags (including JavaScript) into pages processed by the user’s browser, resulting in reflected XSS. The available docu...
PT-2022-28005 · Websoft · Websoft Hcm
Name of the Vulnerable Software and Affected Versions: WebSoft HCM version 2021.2.3.327 Description: The issue arises from insufficient processing of user input, allowing an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser. This includes scripts i...
CVE-2022-46904
The CVE-2022-46904 affects WebSoft HCM 2021.2.3.327. The vulnerability arises from insufficient processing of user input in WebSoft HCM, allowing an authenticated attacker to inject arbitrary HTML into pages processed by the user’s browser, enabling Self-XSS. Concrete details across connected sou...
PT-2022-28002 · Websoft · Websoft Hcm
Name of the Vulnerable Software and Affected Versions: WebSoft HCM version 2021.2.3.327 Description: The issue arises from insufficient processing of user input, allowing an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser. This includes scripts i...
CVE-2022-46903
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of the “Secure” attribute being set in the authentication session cookies. This allows attackers to carry out attacks aimed at intercepting HTTP network traffic and obtaining the user’s session identifier.
The vulnerability of Websoft HCM’s automation software for HR processes stems from the lack of the “Secure” attribute being set in the authentication session cookies. Exploiting this vulnerability allows a remote attacker to conduct attacks aimed at intercepting HTTP network traffic and obtaining...
The vulnerability of Websoft HCM’s automation software for HR processes stems from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of Websoft HCM’s HR automation software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of Websoft HCM’s automation software for HR processes stems from deficiencies in the authorization process, allowing unauthorized individuals to gain access to protected information.
The vulnerability of Websoft HCM’s automation software for HR processes is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Websoft HCM’s automation software for HR processes stems from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of Websoft HCM’s HR automation software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of procedures for neutralizing special elements in output data, which allows attackers to carry out attacks aimed at altering the query logic in the XQuery language against the database.
The vulnerability of Websoft HCM’s automation software for HR processes is related to deficiencies in the process of eliminating special elements from output data. Exploiting this vulnerability allows a malicious actor to remotely carry out an attack aimed at altering the query logic in the XQuer...
The vulnerability of Websoft HCM’s automation software for HR processes stems from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of Websoft HCM’s HR automation software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of protection for operational data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Websoft HCM’s automation software for HR processes is related to the lack of protection for operational data. Exploiting this vulnerability allows an attacker to send incorrect values to parameters, receive error messages, or obtain debugging information regarding installatio...
The vulnerability of Websoft HCM’s automation software for HR processes stems from improper code generation management, allowing attackers to execute arbitrary code.
The vulnerability of Websoft HCM’s automation software for HR processes is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during the generation of HTTP requests...
The vulnerability of Websoft HCM’s automation software for HR processes stems from errors in filtering user code within the XML tag processor. This allows attackers to execute arbitrary code.
The vulnerability of Websoft HCM’s automation software for HR processes is related to errors in filtering user code within the XML tag handler. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.
The vulnerability of Websoft HCM’s automation software for HR processes is related to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability allows a malicious actor to inject incorrect values into parameters, thereby obtaining additional information in error...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of protection for operational data. This allows attackers to obtain information about identities, which can be used in attacks targeting authentication mechanisms.
The vulnerability of Websoft HCM’s automation software for HR processes is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to obtain information about identities, which can be used in attacks targeting authentication mechanisms...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the redirection of URLs to unreliable websites, allowing attackers to redirect users to arbitrary URL addresses.
The vulnerability of Websoft HCM’s automation software for HR processes involves the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor to remotely redirect users to any given URL address...