PT-2022-22414 · Vicidial · Vicidial

Published: 2022-07-05 · Updated: 2022-07-13 · CVE-2022-34879

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

VICIdial versions 2.14b0.5 prior to 3555

Description

The issue is related to Reflected Cross Site Scripting (XSS) vulnerabilities in the AST Agent Time Sheet interface of VICIdial. The vulnerabilities can be exploited via the agent and search_archived_data parameters in the /vicidial/AST_agent_time_sheet.php endpoint.

Recommendations

For VICIdial versions 2.14b0.5 prior to 3555, consider disabling access to the /vicidial/AST_agent_time_sheet.php endpoint until a patch is available. Restrict the use of the agent and search_archived_data parameters to minimize the risk of exploitation.
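
One way to monitor the two parameters while the endpoint is still reachable is to review web server access logs for values that do not look like ordinary identifiers. The script below is an added example, not part of the advisory or of VICIdial; the combined log format, the allowlist pattern, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameters named in the advisory (path written with underscores).
ENDPOINT = "/vicidial/AST_agent_time_sheet.php"
WATCHED = ("agent", "search_archived_data")

# Assumption: legitimate values are short identifiers (letters, digits, _ . -).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{0,40}")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2022:10:00:00 +0000] "GET /vicidial/AST_agent_time_sheet.php'
    '?agent=6666&search_archived_data=checked HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jul/2022:10:02:11 +0000] "GET /vicidial/AST_agent_time_sheet.php'
    '?agent=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5301',
    '192.0.2.10 - - [05/Jul/2022:10:03:40 +0000] "GET /vicidial/admin.php'
    '?agent=%3Cb%3E HTTP/1.1" 200 900',
]

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched parameters failing the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path != ENDPOINT:
        return []  # other pages are out of scope for this advisory
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    hits = []
    for name in WATCHED:
        for value in query.get(name, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := suspicious_params(line))]

if __name__ == "__main__":
    for line_number, hits in scan(SAMPLE_LOG):
        print(f"line {line_number}: {hits}")
```

Parameters submitted in a POST body are not recorded in access logs, so this check covers query-string requests only.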

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-34879

Affected Products

Vicidial