CVE-2022-45008

MEDIUM

Online Leave Management System v1.0 - Stored Cross-Site Scripting via Name Field in Create New Module

Title source: llm
STIX 2.1

Description

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.

Scores

CVSS v3 4.8
EPSS 0.0045
EPSS Percentile 35.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
online_leave_management_system_project/online_leave_management_system 1.0
Published Dec 07, 2022
Tracked Since Feb 18, 2026