Lucene search

VulDBCVELIST:CVE-2022-3442

HistoryOct 10, 2022 - 12:00 a.m.

CVE-2022-3442 Crealogix EBICS ebics.aspx cross site scripting

2022-10-1000:00:00

CWE-707

VulDB

www.cve.org

crealogix ebics

cross site scripting

vulnerability

upgrade

version 7.1

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

25.9%

JSON

A vulnerability was found in Crealogix EBICS 7.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ebics-server/ebics.aspx. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-210374 is the identifier assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "Crealogix",
    "product": "EBICS",
    "versions": [
      {
        "version": "7.0",
        "status": "affected"
      }
    ]
  }
]

References

vuldb.com/?id.210374

www.pentagrid.ch/en/blog/reflected-xss-vulnerability-in-crealogix-ebics-implementation/

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

25.9%

JSON

Related for CVELIST:CVE-2022-3442