CVE-2022-29727 | Survey Sparrow Enterprise Survey Software | Stored cross-site scripting (XSS) vulnerability 2022
Description
Survey Sparrow Enterprise Survey Software 2022 has a stored cross-site scripting (XSS) vulnerability in the Signup parameter, published as CVE-2022-29727 on May 11. It was discovered by the security team of Green Tick Nepal Pvt. Ltd., located in Kathmandu, Nepal.
Proof of Concept
The security team of Green Tick Nepal Pvt. Ltd. published a proof of concept (PoC) for SurveySparrow Inc. The vulnerability was found in Survey Sparrow Enterprise-Survey-Software 2022 and is categorized as Exploitable. Manipulating the Signup argument with an unknown input leads to a cross-site scripting vulnerability. The CWE classification is CWE-79, and the vulnerability affects integrity. An attacker may be able to inject a maliciously crafted payload that alters the appearance of the site and makes it possible to initiate further attacks against site visitors.
Solution
CVE-ID | Description | Products |
CVE-2022-29727 | Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. | Enterprise-Survey-Software 2022 |
Responsible Disclosure Timeline
Date | Remarks |
April 25, 2022 | The request for CVE was submitted to The MITRE Corporation. |
May 11, 2022 | CVE Published: CVE-2022-29727 |
References