CVE-2022-22834: OverIT Geocall v. < 8.0 – XSLT Injection

Severity: Medium

In OverIT projects based on the Geocall framework at versions < 8, an authenticated user who has the “Test Trasformazione xsl” functionality enabled can exploit an XSLT injection vulnerability to achieve remote code execution (RCE). The vulnerability is triggered by sending a specific XSL tag inside the XML field.
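
A defensive pre-screen for a stylesheet-testing feature like the one described above, as an added example that is not OverIT's code or part of the advisory: it refuses submitted stylesheets that declare any namespace other than XSLT's own, use instructions outside an allow-list, or carry a DOCTYPE. The allow-list, the function name `screen_stylesheet` and the sample documents are assumptions made for illustration.

```python
import xml.parsers.expat

XSLT_NS = "http://www.w3.org/1999/XSL/Transform"
# Assumed policy: the XSLT 1.0 instructions a transformation tester needs.
# xsl:import and xsl:include are left out because they load other documents.
ALLOWED = frozenset("""stylesheet transform output template apply-templates
    call-template param with-param variable value-of copy copy-of for-each
    sort if choose when otherwise text element attribute comment number key
    strip-space preserve-space""".split())

def screen_stylesheet(data: bytes) -> list[str]:
    """Return policy findings for a submitted stylesheet; empty list = accept."""
    findings = []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append("DOCTYPE declaration")
    def on_namespace(prefix, uri):
        # Extension elements/functions live in non-XSLT namespaces: refuse them.
        if uri != XSLT_NS:
            findings.append(f"foreign namespace {prefix or '(default)'} = {uri}")
    def on_element(name, attrs):
        uri, _, local = name.rpartition(" ")  # expat reports "uri local"
        if uri == XSLT_NS and local not in ALLOWED:
            findings.append(f"disallowed instruction xsl:{local}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartNamespaceDeclHandler = on_namespace
    parser.StartElementHandler = on_element
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return findings

# Constructed samples; urn:example:extension is a placeholder, not a real extension.
BENIGN = b"""<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><out><xsl:value-of select="name(*)"/></out></xsl:template>
</xsl:stylesheet>"""
FOREIGN = b"""<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:ext="urn:example:extension">
  <xsl:include href="other.xsl"/>
  <xsl:template match="/"><ext:placeholder/></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("foreign", FOREIGN)):
        print(label, screen_stylesheet(doc) or "accepted")
```

A screen like this is defence in depth: the XSLT processor behind the feature should still run with extension functions and external resource access disabled.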