CVE-2024-7269
CVE-2024-7269 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. An Improper Neutralization of Input During Web Page Generation vulnerability in the "Update of Personal Details" form in ConnX ESP HR Management allows a Stored XSS attack. An attacker might inject a script to be run in a user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
An Improper Neutralization of Input During Web Page Generation vulnerability in the "Update of Personal Details" form in ConnX ESP HR Management allows a Stored XSS attack. An attacker might inject a script to be run in a user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| ConnX | ESP HR Management | < 6.6 |
References
- https://cert.pl/en/posts/2024/08/CVE-2024-7269/ (Third Party Advisory)
- https://cert.pl/posts/2024/08/CVE-2024-7269/ (Third Party Advisory)
- https://connx.com.au/ (Product)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
