Security Advisory

CVE-2022-39026

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-10-31 06:40:38

Last updated 2025-05-06 15:37:19

Assigner twcert

State PUBLISHED

Description

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.

← Browse all CVEs View on cve.org ↗