Privilege Escalation via Cross Site Scripting (XSS) in Things Board 3.4.1

Privilege Escalation via Cross Site Scripting (XSS) in Things Board 3.4.1

CVE-2022-40004 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.

Learn more about our Web Application Penetration Testing UK.