cvelist Rapid7 CVELIST:CVE-2022-34879
History: Jul 05, 2022 - 3:40 p.m.

CVE-2022-34879 VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple Cross Site Scripting (XSS) vulnerabilities at /vicidial/admin.php.

2022-07-05 15:40:31
CWE-79
rapid7
www.cve.org
4
vicidial
cross site scripting
xss
ast agent time sheet
search archived data
security vulnerability
cve-2022-34879

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS: 0.001
Percentile: 31.3%

Reflected Cross Site Scripting (XSS) vulnerabilities in the AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent and search_archived_data parameters. This issue affects VICIdial 2.14b0.5 versions prior to 3555.

CNA Affected

[
  {
    "product": "VICIdial",
    "vendor": "VICIdial",
    "versions": [
      {
        "lessThan": "3555",
        "status": "affected",
        "version": "2.14b0.5",
        "versionType": "custom"
      }
    ]
  }
]
