CVSS4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: PASSIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
AI Score
Confidence: High
EPSS
Percentile: 21.8%
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
An Improper Neutralization of Input During Web Page Generation vulnerability in the "Update of Personal Details" form in ConnX ESP HR Management allows a Stored XSS attack. An attacker might inject a script to be run in the user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
[
  {
    "cpes": [
      "cpe:2.3:a:connx:esp_hr_management:*:*:*:*:*:*:*:*"
    ],
    "vendor": "connx",
    "product": "esp_hr_management",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "6.6",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]