Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-43271. PoCs published by SecurityWillCheck.
AI-analyzed exploit summary This repository contains a writeup describing a stored XSS vulnerability in Move CRM's 'staff settings' feature, specifically in the 'Profile' text box. The vulnerability allows bypassing front-end filtering by modifying the 'lProfileCopy' parameter in a POST request.
Description
Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripting (XSS) vulnerability via the User profile component.
Exploits (1)
This repository contains a writeup describing a stored XSS vulnerability in Move CRM's 'staff settings' feature, specifically in the 'Profile' text box. The vulnerability allows bypassing front-end filtering by modifying the 'lProfileCopy' parameter in a POST request.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N