CVE-2022-23861

MEDIUM

Y Soft SAFEQ 6 Build 53 - XSS

Title source: llm

Description

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.

Exploits (1)

nomisec WRITEUP 1 stars
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2022-23861

Scores

CVSS v3 5.4
EPSS 0.0032
EPSS Percentile 54.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
ysoft/safeq 6.0 build53
Published Oct 22, 2024
Tracked Since Feb 18, 2026