XSS Vulnerability in VERMEG AgileReporter 21.3 Allows Privilege Escalation via Add Comment Action

XSS Vulnerability in VERMEG AgileReporter 21.3 Allows Privilege Escalation via Add Comment Action

CVE-2022-34834 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.

Learn more about our Web Application Penetration Testing UK.