3.8
CVE-2022-2256
- EPSS 0.57%
- Veröffentlicht 01.09.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 07:00:37
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization
Stored XSS when loading default roles
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
Mögliche Gegenmaßnahme
Visualizer – Tables & Charts Manager with Built-in AI Generator: Update to version 3.7.10, or a newer patched version
Keycloak Server: Install latest version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Single Sign-on Version7.0
VulnDex Vulnerability Enrichment
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Visualizer – Tables & Charts Manager with Built-in AI Generator
Version
*-3.7.9
SystemKeycloak
≫
Produkt
Keycloak Server
Version
< 19.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.431 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.8 | 1.2 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://bugzilla.redhat.com/show_bug.cgi?id=2101942
https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
https://www.wordfence.com/threat-intel/vulnerabilities/id/d25ed357-2895-47c7-9418-628068c6d18e
https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49