Vulnerability Details CVE-2022-39026
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.4%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2022-39026
-
cpe:2.3:a:edetw:u-office_force:-
-
cpe:2.3:a:edetw:u-office_force:20.0.7668d
-
cpe:2.3:a:edetw:u-office_force:20.50.7821d