CVE-2022-42989
CRITICALsankhya_om < 4.11b81 - Stored Cross-Site Scripting via Caixa de Entrada
Title source: llmDescription
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada.
References (3)
Core 3
Core References
Not Applicable
http://erp.com
Not Applicable
http://sankhya.com
Exploit, Third Party Advisory
https://github.com/0xLUC4S/CVEs/blob/main/SankhyaERP_XSS_Account_Takeover.txt
Scores
CVSS v3
9.0
EPSS
0.0101
EPSS Percentile
59.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (1)
sankhya/sankhya_om
< 4.11b81
Published
Nov 22, 2022
Tracked Since
Feb 18, 2026