Lucene search

[email protected]NVD:CVE-2022-3901

HistoryFeb 20, 2023 - 7:15 p.m.

CVE-2022-3901

2023-02-2019:15:10

CWE-1321

[email protected]

web.nvd.nist.gov

visioweb.js 1.10.6

prototype pollution

xss

client system

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.1%

JSON

Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.

Affected configurations

Nvd

Node

visioglobevisiowebMatch1.10.6

VendorProductVersionCPE
visioglobevisioweb1.10.6cpe:2.3:a:visioglobe:visioweb:1.10.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
visioglobe	visioweb	1.10.6	cpe:2.3:a:visioglobe:visioweb:1.10.6:::::::*

References

csirt.divd.nl/CVE-2022-3901

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.1%

JSON

Related for NVD:CVE-2022-3901

cve1 cvelist1 prion1