Lucene search
Fluid AttacksCVE-2022-42746HistoryNov 03, 2022 - 8:15 p.m.
CVE-2022-42746
2022-11-0320:15:32
CWE-79
Fluid Attacks
web.nvd.nist.gov
29
6
candidats
cve-2022-42746
xss
cookie theft
security vulnerability
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.8%
CandidATS version 3.0.0 on ‘indexFile’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
Affected configurations
Node
auieocandidatsMatch3.0.0-
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "CandidATS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.0"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2022-42746
2022-11-03 00:00:00
prion
prion
Cross site scripting
2022-11-03 20:15:00
nvd
nvd
CVE-2022-42746
2022-11-03 20:15:32
nuclei
nuclei
CandidATS 3.0.0 - Cross-Site Scripting.
2022-11-04 13:21:54
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.8%
Related for CVE-2022-42746