PT-2022-19417 · Ericom · Ericom Powerterm Webconnect

Ryan Emmons

Published

2022-04-28

Updated

2022-05-06

CVE-2022-29152

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Ericom PowerTerm WebConnect version 6.0

Description The Ericom PowerTerm WebConnect login portal can unsafely write an XSS payload from the AppPortal cookie into the page. This issue allows for potential cross-site scripting attacks.

Recommendations For Ericom PowerTerm WebConnect version 6.0, consider disabling the login portal functionality until a patch is available to prevent potential XSS attacks. Restrict access to the login portal to minimize the risk of exploitation. Avoid using the AppPortal cookie in the affected login portal until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-29152

Affected Products

Ericom Powerterm Webconnect

PT-2022-19417 · Ericom · Ericom Powerterm Webconnect

CVE-2022-29152

Weakness Enumeration

Related Identifiers

Affected Products

References · 5