Lucene search

TR-CERTCVE-2022-23790

HistoryMar 14, 2023 - 9:15 a.m.

CVE-2022-23790

2023-03-1409:15:12

CWE-79

TR-CERT

web.nvd.nist.gov

cve-2022-23790

firmanet software

technology

customer relation manager

cross-site scripting

xss

security vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.

Affected configurations

Nvd

Node

firmanettechnology_customer_relation_managerRange<2022.03.13

VendorProductVersionCPE
firmanettechnology_customer_relation_manager*cpe:2.3:a:firmanet:technology_customer_relation_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
firmanet	technology_customer_relation_manager	*	cpe:2.3:a:firmanet:technology_customer_relation_manager::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Customer Relation Manager",
    "vendor": "Firmanet Software and Technology",
    "versions": [
      {
        "lessThan": "2022.03.13",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-23-0145

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.1%

JSON

Related for CVE-2022-23790