CVE-2022-21145

Опубликовано: 14 апр. 2022

Источник: nvd

CVSS3: 9.1

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1442
Exploit
Third Party Advisory
https://www.lansweeper.com/changelog/
Release Notes
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1442
Exploit
Third Party Advisory
https://www.lansweeper.com/changelog/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lansweeper:lansweeper:9.1.20.2:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06609

Низкий

9.1 Critical

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-80

CWE-79

Связанные уязвимости

GHSA-c8r6-vf82-fj44

CVSS3: 4.8

github

почти 4 года назад

EPSS

Процентиль: 91%

0.06609

Низкий

9.1 Critical

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-80

CWE-79