2 matches found
CVE-2022-40348
CVE-2022-40348 affects Intern Record System v1.0, vulnerable in /intern/controller.php where the name and email fields are unsafely handled, allowing stored/reflected XSS to trigger arbitrary script execution in the context of the affected site. Public references (NVD/Red Hat/CVE listings) descri...
CVE-2022-40347
CVE-2022-40347 concerns Intern Record System v1.0, exposing a critical SQL Injection in /intern/controller.php via the parameters phone, email, deptType, and name. The root cause is unsafely constructed queries that allow an attacker to access or modify data and potentially execute arbitrary ...