Lucene search

[email protected]NVD:CVE-2022-40294

HistoryOct 31, 2022 - 9:15 p.m.

CVE-2022-40294

2022-10-3121:15:13

CWE-1236

[email protected]

web.nvd.nist.gov

csv injection

data export

malicious code

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.8%

JSON

The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.

Affected configurations

NVD

Node

phppointofsalephp_point_of_saleMatch19.0

References

www.themissinglink.com.au/security-advisories/cve-2022-40294

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.8%

JSON

Related for NVD:CVE-2022-40294

cve1 cvelist1 prion1