CVE-2022-22834

2022-03-0720:52:17

mitre

www.cve.org

9.2 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.

References

labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/

labs.yarix.com/advisories/cve-2022-22834/

overit.us/products/geocall/