CVE-2022-23165 – Sysaid â€“ Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) – The param …

12 May 2022

Vuln ID: CVE-2022-23165

Published: 2022-05-12 20:15:15Z

Description: Sysaid â€“ Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) – The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it’s necessary for the affected product to expose the Offline Help Pages. An attacker may gain access to sensitive information or execute client-side code in the browser session of the victim user. Furthermore, an attacker would require the victim to open a malicious link. An attacker may exploit this vulnerability in order to perform phishing attacks. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system

Source: NVD.NIST.GOV

Date:

12 May 2022

Categorie(s):

NVD

Tag(s):

NVD

10 Data Governance Services: What You Need to Know Before You Choose25 April 2024
All You Need To Know About Security And Privacy Score on Quick Heal antivirus25 April 2024
Nagomi Security raises $30 million to help security teams improve their level of protection25 April 2024
Alert! Cisco Releases Critical Security Updates to Fix 2 ASA Firewall 0-Days25 April 2024
Pakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files25 April 2024