Stored Cross-Site Scripting (XSS) Vulnerability in Online Leave Management System v1.0

Stored Cross-Site Scripting (XSS) Vulnerability in Online Leave Management System v1.0

CVE-2022-45008 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.

Learn more about our Web App Pen Testing.