CVE-2022-26155
Cherwell Service Management (CSM) web application, version 10.2.3, is affected by an XSS vulnerability exploitable via a payload in the SAMLResponse parameter of the HTTP request body. The issue is documented across multiple sources (NVD, Red Hat, CVE repositories) with the same root cause: unesc...