Stored XSS Vulnerability in Simple Online Public Access Catalog v1.0 via Edit Account Full Name Field

Stored XSS Vulnerability in Simple Online Public Access Catalog v1.0 via Edit Account Full Name Field

CVE-2022-42991 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field.

Learn more about our Web App Pen Testing.