Lucene search
Rapid7CVE-2022-35632HistoryJul 29, 2022 - 5:15 p.m.
CVE-2022-35632
2022-07-2917:15:09
CWE-79
rapid7
web.nvd.nist.gov
37
6
velociraptor
gui
editor
xss
vql
function
description
vulnerability
security
nvd
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
22.7%
The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.
Affected configurations
Node
rapid7velociraptorRange<0.6.5-2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rapid7 | velociraptor | * | cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Velociraptor",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "0.6.5-2",
"status": "affected",
"version": "0.6.5-2",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Cross site scripting
2022-07-29 17:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2022-08-01 06:46:13
cvelist
cvelist
CVE-2022-35632 XSS in User Interface
2022-07-29 17:01:01
nvd
nvd
CVE-2022-35632
2022-07-29 17:15:09
rapid7blog
rapid7blog
CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)
2022-07-26 17:15:00
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
22.7%
Related for CVE-2022-35632