Lucene search
HistoryOct 31, 2022 - 7:15 a.m.
CVE-2022-39026
u-office
userdefault
filtering
vulnerability
http
header
fields
remote attacker
privilege
exploit
javascript
xss
stored cross-site scripting
attack
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.2%
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
Affected configurations
Node
edetwu-office_forceRange≤20.50.7821d
| Vendor | Product | Version | CPE |
|---|---|---|---|
| edetw | u-office_force | * | cpe:2.3:a:edetw:u-office_force:*:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2022-10-31 07:15:00
cvelist
cvelist
CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS
2022-10-31 06:40:38
cve
cve
CVE-2022-39026
2022-10-31 07:15:10
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.2%
Related for NVD:CVE-2022-39026