Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44787

Nov. 21, 2022, 11:15 p.m. |

National Vulnerability Database nist.gov

An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized.

cve

Senior Cloud Security Engineer

@ HelloFresh | Berlin, Germany

Senior Security Engineer

@ Reverb | Remote, US

I.S. Security Analyst

@ YVFWC | Yakima, WA

Territory Account Manager - Cybersecurity - Little Rock

@ Optiv | Little Rock, AR

Cybersecurity Network Engineer

@ Bitcoin Depot | Remote

Senior Solutions Architect, Prisma Cloud - Visibility, Compliance, and Security (EMEA)

@ Palo Alto Networks | Manchester, United Kingdom

Cloud Security Engineer

@ Snow Software | Solna, Sweden

Senior Security Engineer - 12 month contract - Outside IR35 - Northampton Area

@ Eurofins | Northampton, United Kingdom

Penetration Tester

@ Family Zone | Melbourne, Australia

Senior Consultant - II - Fortinet

@ Optiv | Bengaluru, Karnataka

Snr Professional Services Consultant - XSIAM

@ Palo Alto Networks | Madrid, Spain

Data Governor and Security Specialist

@ Dynatrace | Milan, Italy