Lucene search
TwcertCVELIST:CVE-2022-39026HistoryOct 31, 2022 - 6:40 a.m.
CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS
2022-10-3106:40:38
CWE-79
twcert
www.cve.org
6
u-office force
filtering
http headers
stored xss
remote attacker
javascript
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.2%
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
CNA Affected
[
{
"vendor": "e-Excellence Inc.",
"product": "U-Office Force",
"versions": [
{
"version": "unspecified",
"lessThanOrEqual": "20.50.7821D Build:202104sp1",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site scripting
2022-10-31 07:15:00
nvd
nvd
CVE-2022-39026
2022-10-31 07:15:10
cve
cve
CVE-2022-39026
2022-10-31 07:15:10
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.2%
Related for CVELIST:CVE-2022-39026