VYPR
Unrated severityNVD Advisory· Published Oct 31, 2022· Updated May 6, 2025

e-Excellence Inc. U-Office Force - Stored XSS

CVE-2022-39026

Description

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.