Lucene search

TR-CERTCVE-2022-23791

HistoryMar 14, 2023 - 9:15 a.m.

CVE-2022-23791

2023-03-1409:15:12

CWE-79

TR-CERT

web.nvd.nist.gov

cve-2022-23791

cross-site scripting

xss

firmanet software

technology

crm

security vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13.

Affected configurations

Nvd

Node

firmanetcustomer_relation_managerRange<2022.03.13

VendorProductVersionCPE
firmanetcustomer_relation_manager*cpe:2.3:a:firmanet:customer_relation_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
firmanet	customer_relation_manager	*	cpe:2.3:a:firmanet:customer_relation_manager::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Customer Relation Manager",
    "vendor": "Firmanet Software and Technology",
    "versions": [
      {
        "lessThan": "2022.03.13",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-23-0145

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.1%

JSON

Related for CVE-2022-23791