Cross site scripting

2022-12-1321:15:00

PRIOn knowledge base

www.prio-n.com

nortek linear

emerge

xss

vulnerability

privileges

session fixation

escalate

0.001 Low

EPSS

Percentile

32.2%

JSON

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.

CPENameOperatorVersion
linear_emerge_e3_access_control_firmwareeq0.32.7101
linear_emerge_e3_access_control_firmwareeq0.32.7112
linear_emerge_e3_access_control_firmwareeq0.32.8101
linear_emerge_e3_access_control_firmwareeq0.32.8102
linear_emerge_e3_access_control_firmwareeq0.32.997
linear_emerge_e3_access_control_firmwareeq0.32.998
linear_emerge_e3_access_control_firmwareeq0.32.999

Name	Operator	Version
linear_emerge_e3_access_control_firmware	eq	0.32.7101
linear_emerge_e3_access_control_firmware	eq	0.32.7112
linear_emerge_e3_access_control_firmware	eq	0.32.8101
linear_emerge_e3_access_control_firmware	eq	0.32.8102
linear_emerge_e3_access_control_firmware	eq	0.32.997
linear_emerge_e3_access_control_firmware	eq	0.32.998
linear_emerge_e3_access_control_firmware	eq	0.32.999

References

github.com/omarhashem123/Security-Research/blob/main/CVE-2022-38628/CVE-2022-38628.txt

0.001 Low

EPSS

Percentile

32.2%

JSON

Related for PRION:CVE-2022-38628