CVE-2022-26155

Опубликовано: 28 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.

Ссылки

https://github.com/l00neyhacker/CVE-2022-26155
Third Party Advisory
https://help.cherwell.com/bundle/release_notes_10_4_help_only/page/content/release_notes/10_4_0_fix_list.html
Release Notes
Vendor Advisory
https://github.com/l00neyhacker/CVE-2022-26155
Third Party Advisory
https://help.cherwell.com/bundle/release_notes_10_4_help_only/page/content/release_notes/10_4_0_fix_list.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cherwell:cherwell_service_management:10.2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00526

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jgfq-3rxx-m3mq