CVE-2022-35630

Name of the Vulnerable Software and Affected Versions Velociraptor versions prior to 0.6.5-2

Description A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file.

Recommendations For versions prior to 0.6.5-2, update to Velociraptor 0.6.5-2 to resolve the issue. As a temporary workaround, consider restricting access to the collection report feature until the update is applied.