2 matches found
CVE-2022-22791
SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system...
CVE-2022-22791
The CVE-2022-22791 entry relates to Synel eharmony, describing an authenticated blind and stored cross-site scripting (XSS) vulnerability in the comments field. The root cause is injection of JavaScript through the comments field, with the potential impact noted as cookie theft and the embedding ...