CVE-2022-39054 MEDIUM

CVE-2022-39054: COWELL INFORMATION SYSTEM CO., LTD. enterprise travel management system - Reflected XSS

Weakness CWE-79 · XSS

Published September 28, 2022

Last update May 21, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.

Key dates

02Disclosure timeline

September 28, 2022 CVE published

May 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39054

Related vulnerabilities

04Related CVE

CVE-2022-0599 Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting CVE-2024-54036 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-12574 SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload CVE-2017-9555 CVE-2024-0782 CodeAstro Online Railway Reservation System pass-profile.php cross site scripting