CVE-2022-3255

2022-09-2113:15:09

CWE-79

@huntrdev

web.nvd.nist.gov

information security

cve-2022-3255

browser security

script execution

user manipulation

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

Affected configurations

Nvd

Node

pimcorepimcoreRange<10.5.7

VendorProductVersionCPE
pimcorepimcore*cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pimcore	pimcore	*	cpe:2.3:a:pimcore:pimcore::::::::

CNA Affected

[
  {
    "product": "pimcore/pimcore",
    "vendor": "pimcore",
    "versions": [
      {
        "lessThan": "10.5.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]