Lucene search
HistoryDec 05, 2022 - 11:15 p.m.
CVE-2022-43706
cve-2022-43706
cross-site scripting
stackstorm
web ui
logged in users
pack rules
arbitrary script
html
execution
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.0%
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.
Affected configurations
Node
stackstormstackstormRange<3.8.0
References
Related
osv
osv
CVE-2022-43706
2022-12-05 23:15:09
cve
cve
CVE-2022-43706
2022-12-05 23:15:09
cvelist
cvelist
CVE-2022-43706
2022-12-05 00:00:00
prion
prion
Cross site scripting
2022-12-05 23:15:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.0%
Related for NVD:CVE-2022-43706