PT-2022-24561 · Click Studios · Click Studios Passwordstate +1
Constantin Müller +2
Published: 2022-12-19 · Updated: 2022-12-28
CVE-2022-3877
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Click Studios Passwordstate (affected versions not specified)
Click Studios Passwordstate Browser Extension Chrome (affected versions not specified)
Description
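A vulnerability rated problematic was found in the URL Field Handler component of Click Studios Passwordstate and the Passwordstate Browser Extension for Chrome. Manipulation of input handled by this component leads to cross-site scripting. The attack can be launched remotely; per the CVSS vector above, it requires low privileges and user interaction, and the rated impact is limited to low integrity loss. The exploit has been disclosed to the public and may be used.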
Recommendations
Upgrade the affected component to a newer version.
As a temporary workaround, consider restricting access to the URL Field Handler component until a patch is available.
Avoid using the vulnerable URL Field Handler component in Click Studios Passwordstate and Passwordstate Browser Extension Chrome until the issue is resolved.
Exploit
Fix
Improper Neutralization
XSS
Related Identifiers
Affected Products
Click Studios Passwordstate
Passwordstate Browser Extension Chrome