CVE-2022-43271

MEDIUM

Inhabit Systems Pty Ltd Move CRM <4 - XSS

Title source: llm

Description

Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripting (XSS) vulnerability via the User profile component.

Exploits (1)

nomisec WRITEUP

by SecurityWillCheck · poc

https://github.com/SecurityWillCheck/CVE-2022-43271

View Code ZIP pw:eip

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/SecurityWillCheck/CVE-2022-43271

Vendor Advisory

https://inhabit.com.au/CVE-2022-43271

Scores

CVSS v3 5.4

EPSS 0.0114

EPSS Percentile 78.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

inhabit/move_crm 4 build_260

Published Dec 22, 2022

Tracked Since Feb 18, 2026