Vulnerability Details CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the view ticket function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.7%
CVSS Severity
CVSS v3 Score 5.4
References