Lucene search

PRIOn knowledge basePRION:CVE-2022-46823

HistoryJan 10, 2023 - 12:15 p.m.

Cross site scripting

2023-01-1012:15:00

PRIOn knowledge base

www.prio-n.com

mendix saml

vulnerability

cross-site scripting

xss

reflected

version-specific

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

JSON

A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.

CPENameOperatorVersion
samlge2.3.0
samllt2.3.4
samlge3.3.0
samllt3.3.9

Name	Operator	Version
saml	ge	2.3.0
saml	lt	2.3.4
saml	ge	3.3.0
saml	lt	3.3.9

References

cert-portal.siemens.com/productcert/pdf/ssa-496604.pdf