PT-2023-14564 · Kioware · Kioware
Olnor18
·
Publicado
2023-03-06
·
Atualizado
2023-07-21
·
CVE-2022-44875
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
KioWare versions through 8.33
Description
The issue allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code because KioWare sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin.
Recommendations
For versions through 8.33, update to a version that does not set KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin to prevent attackers from obtaining SYSTEM access via KioUtils.Execute in JavaScript code.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Kioware