Vulnerability Details CVE-2022-34007
EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://eusanctions.integrityline.com
- https://packetstormsecurity.com/files/167706/EQS-Integrity-Line-Cross-Site-Scripting-Information-Disclosure.html
- https://seclists.org/fulldisclosure/2022/Jul/1
- https://whistleblowingnetwork.org/Our-Work/Spotlight/Stories/The-Pitfalls-of-Closed-Source-Whistleblowing-Softw
- https://www.integrityline.com/
- https://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt
- https://eusanctions.integrityline.com
- https://packetstormsecurity.com/files/167706/EQS-Integrity-Line-Cross-Site-Scripting-Information-Disclosure.html
- https://seclists.org/fulldisclosure/2022/Jul/1
- https://whistleblowingnetwork.org/Our-Work/Spotlight/Stories/The-Pitfalls-of-Closed-Source-Whistleblowing-Softw
- https://www.integrityline.com/
- https://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt
Products affected by CVE-2022-34007
-
cpe:2.3:a:eqs:integrity_line:-
-
cpe:2.3:a:eqs:integrity_line:2022-07-01