Lucene search
Rapid7CVE-2022-35630HistoryJul 29, 2022 - 5:15 p.m.
CVE-2022-35630
2022-07-2917:15:09
CWE-79
rapid7
web.nvd.nist.gov
35
4
cve-2022-35630
cross-site scripting
xss
velociraptor 0.6.5-2
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
31.3%
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2.
Affected configurations
Node
rapid7velociraptorRange<0.6.5-2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rapid7 | velociraptor | * | cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Velociraptor",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "0.6.5-2",
"status": "affected",
"version": "0.6.5-2",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Cross site scripting
2022-07-29 17:15:00
nvd
nvd
CVE-2022-35630
2022-07-29 17:15:09
cvelist
cvelist
CVE-2022-35630 Unsafe HTML Injection in Artifact Collection Report
2022-07-29 17:00:33
veracode
veracode
Cross-site Scripting (XSS)
2022-08-01 03:39:17
rapid7blog
rapid7blog
CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)
2022-07-26 17:15:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
31.3%
Related for CVE-2022-35630