Cross site scripting

2022-07-1305:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

CPENameOperatorVersion
oxygen_publishing_enginelt22.1
oxygen_publishing_engineeq22.1 2020121711
oxygen_publishing_engineeq22.1 2020100801
oxygen_publishing_engineeq22.1 2020061014
oxygen_publishing_engineeq22.1 2020072823
oxygen_publishing_engineeq23.1 2021060401
oxygen_publishing_engineeq23.1 2021040717
oxygen_xml_authorlt22.1
oxygen_xml_authoreq22.1 2020061102
oxygen_xml_authoreq22.1 2020072902

Name	Operator	Version
oxygen_publishing_engine	lt	22.1
oxygen_publishing_engine	eq	22.1 2020121711
oxygen_publishing_engine	eq	22.1 2020100801
oxygen_publishing_engine	eq	22.1 2020061014
oxygen_publishing_engine	eq	22.1 2020072823
oxygen_publishing_engine	eq	23.1 2021060401
oxygen_publishing_engine	eq	23.1 2021040717
oxygen_xml_author	lt	22.1
oxygen_xml_author	eq	22.1 2020061102
oxygen_xml_author	eq	22.1 2020072902