CVE-2022-37137
CVE-2022-37137 affects PayMoney 3.3. The issue is a Stored Cross-Site Scripting (XSS) in the ticket reply flow, exploitable by injecting a crafted payload into the Message field via the description parameter; the XSS can be triggered in the response or when viewing the ticket. Documents consisten...