Lucene search

K
cve[email protected]CVE-2022-36778
HistorySep 13, 2022 - 3:15 p.m.

CVE-2022-36778

2022-09-1315:15:08
CWE-79
web.nvd.nist.gov
25
4
cve-2022-36778
vulnerability
html
javascript
code injection
nvd
workers

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code.

Affected configurations

NVD
Node
syneleharmonyRange<11
CPENameOperatorVersion
synel:eharmonysynel eharmonylt11

CNA Affected

[
  {
    "product": "eHarmony",
    "vendor": "Synel",
    "versions": [
      {
        "lessThan": "v11*",
        "status": "affected",
        "version": "v11",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

Related for CVE-2022-36778