Authenticated Stored XSS Vulnerability in User Profile Data Fields

Authenticated Stored XSS Vulnerability in User Profile Data Fields

CVE-2022-40288 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.

Learn more about our User Device Pen Test.