What the vulnerability does
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS. This issue affects UiChemy: from n/a through <= 4.4.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
UiChemy versions up to 4.4.2 contain a cross-site scripting (XSS) vulnerability that allows an authenticated administrator to inject malicious scripts. The vulnerability requires user interaction—typically a victim visiting a crafted page—and can affect other users' sessions and data. The impact is limited to low-severity confidentiality, integrity, and availability breaches.
What an attacker can do
Inject malicious scripts that execute in other users' browsers when they visit affected pages.
Potential impact on your site
A malicious admin can steal session tokens, modify site content, or redirect users to phishing pages.
Conditions required to exploit
Attacker must have high-level admin privileges and the victim must visit a page containing the malicious payload.