Lucene search

DIVDCVELIST:CVE-2022-24386

HistoryMar 14, 2022 - 12:00 a.m.

CVE-2022-24386 Stored XSS in SmarterTrack v100.0.8019.14010

2022-03-1400:00:00

CWE-79

DIVD

www.cve.org

cve-2022-24386

stored xss

smartertrack

smartertools

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

35.8%

JSON

Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.

CNA Affected

[
  {
    "product": "SmarterTrack",
    "vendor": "SmarterTools",
    "versions": [
      {
        "lessThan": "Build 8075",
        "status": "affected",
        "version": "100.x",
        "versionType": "custom"
      }
    ]
  }
]

References

csirt.divd.nl/CVE-2022-24386

csirt.divd.nl/DIVD-2021-00029

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

35.8%

JSON

Related for CVELIST:CVE-2022-24386