Lucene search

DIVDCVELIST:CVE-2022-3901

HistoryFeb 20, 2023 - 6:07 p.m.

CVE-2022-3901 Visioweb.js - Prototype Pollution can results in XSS

2023-02-2018:07:34

CWE-1321

DIVD

www.cve.org

cve-2022-3901

visioweb.js

prototype pollution

xss

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.3%

JSON

Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.

CNA Affected

[
  {
    "vendor": "Visio Globe",
    "product": "Visioweb",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "1.10.6",
        "versionType": "1.10.6"
      }
    ],
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ]
  }
]

References

csirt.divd.nl/CVE-2022-3901

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for CVELIST:CVE-2022-3901