Lucene search

Alpine Linux Development TeamALPINE:CVE-2022-45179

HistoryFeb 21, 2024 - 4:15 p.m.

CVE-2022-45179

2024-02-2116:15:49

Alpine Linux Development Team

security.alpinelinux.org

livebox collaboration

xss vulnerability

reminder section

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

14.0%

JSON

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user (authenticated to the product) can store arbitrary HTML code in the reminder section title in order to corrupt the web page (for example, by creating phishing sections to exfiltrate victims’ credentials).

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchvdesk= 1.2-r1UNKNOWN
Alpine3.19-communitynoarchvdesk= 1.2-r1UNKNOWN
Alpine3.20-communitynoarchvdesk= 1.2-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	vdesk	= 1.2-r1	UNKNOWN
Alpine	3.19-community	noarch	vdesk	= 1.2-r1	UNKNOWN
Alpine	3.20-community	noarch	vdesk	= 1.2-r1	UNKNOWN