Lucene search

[email protected]NVD:CVE-2022-22755

HistoryDec 22, 2022 - 8:15 p.m.

CVE-2022-22755

2022-12-2220:15:18

CWE-672

[email protected]

web.nvd.nist.gov

xsl transforms

malicious webserver

javascript execution

same-origin policy

firefox 97

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.4%

JSON

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.

Affected configurations

NVD

Node

mozillafirefoxRange<97.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1309630

www.mozilla.org/security/advisories/mfsa2022-04/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.4%

JSON

Related for NVD:CVE-2022-22755

prion1 ubuntucve1 cve1 cvelist1 veracode1 debiancve1 cnvd1 alpinelinux1 openvas4 nessus4 osv1 ubuntu1 kaspersky1 mozilla1 gentoo1