Persistent XSS Vulnerability in DHC Vision eQMS (Version 5.4.8.322) Allows Attackers to Execute Malicious Code

Persistent XSS Vulnerability in DHC Vision eQMS (Version 5.4.8.322) Allows Attackers to Execute Malicious Code

CVE-2022-24957 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked.

Learn more about our User Device Pen Test.