Lucene search

[email protected]NVD:CVE-2022-40324

HistorySep 11, 2022 - 9:15 p.m.

CVE-2022-40324

2022-09-1121:15:08

CWE-79

[email protected]

web.nvd.nist.gov

sysaid help desk

xss

linked srs

cross site scripting

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON

SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.

Affected configurations

Nvd

Node

sysaidhelp_deskRange<22.1.65

VendorProductVersionCPE
sysaidhelp_desk*cpe:2.3:a:sysaid:help_desk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sysaid	help_desk	*	cpe:2.3:a:sysaid:help_desk::::::::

References

documentation.sysaid.com/docs/22165-release-notes

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON

Related for NVD:CVE-2022-40324

prion1 cvelist1 cve1