PT-2023-13669 · Unknown · Visioweb.Js

Jan-Jaap Korpershoek

Publicado

2023-02-20

Atualizado

2024-09-12

CVE-2022-3901

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Visioweb.js version 1.10.6

Description The issue allows attackers to execute XSS on the client system through prototype pollution in Visioweb.js. This enables malicious activities on the client's system.

Recommendations For Visioweb.js version 1.10.6, consider updating to a newer version that addresses the prototype pollution issue to prevent XSS attacks on the client system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Prototype Pollution

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1321

Identificadores relacionados

CVE-2022-3901

Produtos afetados

Visioweb.Js

PT-2023-13669 · Unknown · Visioweb.Js

CVE-2022-3901

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4