JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX

UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in...

Cross-Site Scripting (XSS)

The primefaces library is vulnerable to cross-site scripting XSS attacks through the href and target attributes of ButtonRenderer. Malicious code that is returned in the Content-Type: text/javascript context can result in that code executing within the target user's browser session...