Lucene search

[email protected]NVD:CVE-2022-40434

HistoryDec 19, 2022 - 10:15 p.m.

CVE-2022-40434

2022-12-1922:15:11

CWE-79

[email protected]

web.nvd.nist.gov

softr v2.0

html injection

account page

name field

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.6%

JSON

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.

Affected configurations

Nvd

Node

softrsoftrMatch2.0

VendorProductVersionCPE
softrsoftr2.0cpe:2.3:a:softr:softr:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
softr	softr	2.0	cpe:2.3:a:softr:softr:2.0:::::::*

References

softr.com

isaghojaria.medium.com/softr-v2-0-was-discovered-to-be-vulnerable-to-html-injection-via-the-name-field-of-the-account-page-c6fbd3162254

www.softr.io/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.6%

JSON

Related for NVD:CVE-2022-40434

prion1 cvelist1 cve1