Insufficient Filtering for Special Characters in Ragic Report Generation Page Allows for Reflected XSS Attack

CVE-2022-40739 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

The Ragic report generation page does not sufficiently filter special characters. A remote attacker with general user privileges can inject JavaScript to perform a reflected XSS (Cross-Site Scripting) attack.
