An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side code execution.
References
Link | Resource |
---|---|
https://dsk.lu/fr/produits/temps-de-presence | Product |
https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-24688-92.pdf | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-07-18T12:34:40
Updated: 2022-07-18T12:34:40
Reserved: 2022-02-09T00:00:00
Link: CVE-2022-24692
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-18T13:15:09.900
Modified: 2022-07-27T15:15:46.333
Link: CVE-2022-24692
JSON object: View
Redhat Information
No data.
CWE