Lucene search

[email protected]NVD:CVE-2022-37462

HistoryApr 10, 2023 - 1:15 p.m.

CVE-2022-37462

2023-04-1013:15:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-37462

cross-site scripting

remote attackers

html injection

file upload

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.4%

JSON

A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.

Affected configurations

Nvd

Node

upstreamworksupstream_works_on_finesseRange4.0–4.2.14

upstreamworksupstream_works_on_finesseRange5.0–5.3

VendorProductVersionCPE
upstreamworksupstream_works_on_finesse*cpe:2.3:a:upstreamworks:upstream_works_on_finesse:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
upstreamworks	upstream_works_on_finesse	*	cpe:2.3:a:upstreamworks:upstream_works_on_finesse::::::::

References

www.campusguard.com/post/going-beyond-pen-testing-to-identify-zero-day-exploits

www.upstreamworks.com/support/notifications/