Lucene search

TalosCVELIST:CVE-2022-26842

HistoryAug 22, 2022 - 6:22 p.m.

CVE-2022-26842

2022-08-2218:22:05

CWE-79

talos

www.cve.org

cve-2022-26842

cross-site scripting

charts tab selection

http request

arbitrary javascript execution

authenticated user

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

55.4%

JSON

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.

CNA Affected

[
  {
    "product": "AVideo",
    "vendor": "WWBN",
    "versions": [
      {
        "status": "affected",
        "version": "11.6"
      },
      {
        "status": "affected",
        "version": "dev master commit 3f7c0364"
      }
    ]
  }
]

References

github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql

talosintelligence.com/vulnerability_reports/TALOS-2022-1537

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

55.4%

JSON

Related for CVELIST:CVE-2022-26842