Veracode Vulnerability Database, VERACODE:43407
History: Sep 27, 2023 - 10:55 a.m.

Arbitrary Text Injection

2023-09-27 10:55:58
sca.analysiscenter.veracode.com
Tags: kiali, content spoofing, vulnerability, error handling, arbitrary text injection, url

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score: 7.3
Confidence: High

EPSS: 0.001
Percentile: 25.6%

Kiali is vulnerable to content spoofing. The vulnerability is due to a failure to implement proper error handling when a page or endpoint being accessed is not found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
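
The class of flaw described above, shown as an added Go example that is not code from Kiali or from this advisory: a not-found handler that copies request text into its error body, beside one that returns a constant message, plus a check suitable for a regression test. It assumes the reflected text comes from the request path (the advisory does not say which part of the URL is echoed); all handler and helper names are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// reflectingNotFound shows the risky pattern (assumed, not Kiali's code):
// the decoded request path is copied into the error body, so whoever
// crafts the link chooses part of the text the victim reads.
func reflectingNotFound(w http.ResponseWriter, r *http.Request) {
	http.Error(w, "not found: "+r.URL.Path, http.StatusNotFound)
}

// fixedNotFound returns a constant message that contains nothing taken
// from the request, and tells the browser not to sniff the content type.
func fixedNotFound(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintln(w, "404 page not found")
}

// errorBody sends a GET for path to h and returns the status and body.
func errorBody(h http.HandlerFunc, path string) (int, string) {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Body.String()
}

// echoesRequestText reports whether the error response for an unknown
// path repeats text from that path back to the client.
func echoesRequestText(h http.HandlerFunc) bool {
	const marker = "constructed marker text" // constructed sample input
	_, body := errorBody(h, "/missing/"+url.PathEscape(marker))
	return strings.Contains(body, marker)
}

func main() {
	fmt.Println("reflecting handler echoes:", echoesRequestText(reflectingNotFound))
	fmt.Println("fixed handler echoes:", echoesRequestText(fixedNotFound))
}
```

Both handlers answer with plain text, which is why the impact is spoofed text rather than script execution; the check only confirms that nothing from the request reaches the error body.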
