CVE-2022-23861

MEDIUM

Y Soft SAFEQ 6 Build 53 - Stored Cross-Site Scripting via Multiple Web Application Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-23861. PoCs published by mbadanoiu.

AI-analyzed exploit summary: This repository describes CVE-2022-23861, a stored XSS vulnerability in YSoft SafeQ. The README outlines the vulnerability's impact and requirements but does not include exploit code, instead linking to a PDF for further details.

Description

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.

Exploits (1)

nomisec WRITEUP 1 star
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2022-23861

Classification: Writeup 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: YSoft SafeQ
Auth required
Prerequisites: Valid user credentials
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.4
EPSS 0.0048
EPSS Percentile 37.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status published
Products (1)
ysoft/safeq 6.0 build53
Published Oct 22, 2024
Tracked Since Feb 18, 2026