Lucene search

[email protected]NVD:CVE-2022-4559

HistoryDec 16, 2022 - 5:15 p.m.

CVE-2022-4559

2022-12-1617:15:08

CWE-707

[email protected]

web.nvd.nist.gov

inex ipx-manager

cross-site scripting

remote attack

upgrade

patch

vdb-215962

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.0%

JSON

A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been declared as problematic. This vulnerability affects unknown code of the file resources/views/customer/list.foil.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.3.0 is able to address this issue. The name of the patch is bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243. It is recommended to upgrade the affected component. VDB-215962 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Node

inexixp_managerRange<6.3.0

VendorProductVersionCPE
inexixp_manager*cpe:2.3:a:inex:ixp_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
inex	ixp_manager	*	cpe:2.3:a:inex:ixp_manager::::::::

References

github.com/inex/IXP-Manager/commit/bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243

github.com/inex/IXP-Manager/releases/tag/v6.3.0

vuldb.com/?id.215962

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.0%

JSON

Related for NVD:CVE-2022-4559

cvelist1 prion1 cve1 osv1