CVE-2022-32763

Exploit

EPSS 0.86%
Veröffentlicht 15.12.2022 10:15:11
Zuletzt bearbeitet 21.11.2024 07:06:54
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lansweeper ≫ Lansweeper Version10.1.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.748

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
talos-cna@cisco.com	9.1	2.3	6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1541

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-32763

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-32763

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-32763

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-32763