PT-2022-24386 · Unknown · Eyesofnetwork

Derrie Sutton · Published 2022-08-15 · Updated 2022-08-17 · CVE-2022-38358

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Eyes of Network (affected versions not specified)

Description

The issue is related to improper neutralization of input during web page generation, making the Eyes of Network web application susceptible to cross-site scripting attacks. This can occur at specific API endpoints such as "/module/admin_notifiers/rules.php" and "/module/report_event/indext.php" via the parameters rule_notification, rule_name, and rule_name_old, and at "/module/admin_user/add_modify_user.php" via the parameters user_name and user_email.

Recommendations

For Eyes of Network, as a temporary workaround, consider restricting access to the vulnerable API endpoints "/module/admin_notifiers/rules.php", "/module/report_event/indext.php", and "/module/admin_user/add_modify_user.php" to minimize the risk of exploitation. Avoid using the parameters rule_notification, rule_name, rule_name_old, user_name, and user_email in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-38358

Affected Products

Eyesofnetwork