Lucene search

[email protected]CVE-2022-39834

HistoryNov 17, 2022 - 5:15 a.m.

CVE-2022-39834

2022-11-1705:15:14

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-39834

primekey

ejbca

stored xss

vulnerability

adminweb

viewendentity.jsp

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.

Affected configurations

NVD

Node

keyfactorprimekey_ejbcaRange≤7.9.0.2

CPENameOperatorVersion
keyfactor:primekey_ejbcakeyfactor primekey ejbcale7.9.0.2

CPE	Name	Operator	Version
keyfactor:primekey_ejbca	keyfactor primekey ejbca	le	7.9.0.2

References

support.keyfactor.com/s/detail/a6x1Q000000CwCoQAK

Social References