CVE-2022-24957
Description
Persistent XSS in DHC Vision eQMS allows attackers to execute arbitrary JavaScript by injecting a payload into the name field of an information object, affecting users viewing version or history tabs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
DHC Vision eQMS versions up to 5.4.8.322 (tested version 5.4.8.332) contain a persistent cross-site scripting (XSS) vulnerability in the information object name field. The application fails to properly encode untrusted input when reflecting the object name in the version and history tabs, allowing an attacker to inject arbitrary HTML and JavaScript [2].
Exploitation
An attacker must have the ability to create or edit an information object within the application. The attacker sets the object name to an XSS payload (e.g., `<img src=x onerror=alert(1)>`). After saving, any user who opens the object's version or history tab will have the payload executed in their browser [2].
Impact
Successful exploitation results in arbitrary JavaScript execution in the context of the victim's session. This can lead to data theft, session hijacking, defacement, or other client-side attacks, potentially compromising the confidentiality and integrity of the application [2].
Mitigation
As of the public disclosure date (2022-03-28), no official fix has been released by the vendor. The advisory notes that the solution status remains open [2]. Until a patch is available, organizations should restrict create/edit permissions to trusted users and consider implementing a web application firewall (WAF) to filter XSS payloads. Input validation and output encoding should be applied to all user-supplied data.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- DHC Vision/eQMS
- Range: <=5.4.8.322
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Insufficient output encoding of the information object name field allows stored cross-site scripting."
Attack vector
An attacker who is authorized to create or edit information objects in the content section can inject a persistent XSS payload by entering a crafted name such as `<img src=x onerror=alert(1)>` [ref_id=1]. The payload is stored on the server and executed in any user's browser when they open the version or history tab of the manipulated object [ref_id=1]. No special network position is required beyond normal authenticated access to the application.
Affected code
The vulnerability resides in the handling of information object names in the DHC Vision eQMS application. When a user creates or edits an information object, the name field is stored without proper sanitization and later reflected unsanitized into the server response on the version and history tabs [ref_id=1]. The advisory does not specify exact file paths or function names.
What the fix does
As of the public disclosure date (2022-03-28), the advisory states the solution status is "Open" and no solution date was provided [ref_id=1]. No patch is included in the bundle. The manufacturer was notified on 2022-02-10, but no fix had been released at the time of disclosure [ref_id=1]. Remediation would require implementing proper output encoding for the name field wherever it is reflected in server responses, particularly on the version and history pages.
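The output encoding described above, as an added example that is not taken from the advisory or from the vendor's code: a history-row renderer without and with encoding, plus a helper that lists already-stored names containing markup so they can be reviewed. The function names, the row markup and the sample entries are assumptions constructed for illustration.

```javascript
// Added illustration; not DHC Vision eQMS code. All names are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Encode a value for HTML element content and quoted attribute values.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored name is concatenated into the response as-is,
// which is the stored-XSS pattern the advisory describes.
function renderHistoryRowUnsafe(entry) {
  return `<tr><td title="${entry.name}">${entry.name}</td><td>${entry.version}</td></tr>`;
}

// "After": every untrusted field is encoded at the point of output,
// in both the attribute and the element-content position.
function renderHistoryRowSafe(entry) {
  const name = encodeHtml(entry.name);
  return `<tr><td title="${name}">${name}</td><td>${encodeHtml(entry.version)}</td></tr>`;
}

// Triage helper: return ids of stored objects whose name contains angle
// brackets, so existing records can be reviewed while no fix is available.
function findSuspectNames(entries) {
  return entries.filter((e) => /[<>]/.test(e.name)).map((e) => e.id);
}

// Constructed sample data (the second name is the payload quoted on this page).
const SAMPLE_ENTRIES = [
  { id: 1, name: "Quality Manual", version: "1.0" },
  { id: 2, name: "<img src=x onerror=alert(1)>", version: "2.0" },
  { id: 3, name: 'SOP "Cleaning" & Hygiene', version: "1.1" },
];

for (const entry of SAMPLE_ENTRIES) {
  console.log(renderHistoryRowSafe(entry));
}
console.log("names to review:", findSuspectNames(SAMPLE_ENTRIES));
```

Encoding at output time leaves the stored name unchanged, so legitimate names containing quotes or ampersands still display correctly.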
Preconditions
- auth: Attacker must have a user account with permission to create or edit information objects in the content section
- input: Victim must open the version or history tab of the attacker-created or attacker-modified object
Reproduction
1. Log in to DHC Vision eQMS with an account that has permission to create or edit information objects.
2. Right-click on a document you can edit, or create a new information object.
3. Enter `<img src=x onerror=alert(1)>` as the name of the new or editable object.
4. After saving, open the "versions" tab.
5. The alert will pop up, confirming the XSS [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- syss.de (mitre, x_refsource_MISC)
- www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-019.txt (mitre, x_refsource_MISC)