PT-2022-28097 · Unknown · Heimdall Application Dashboard

Iodno · Published 2022-12-27 · Updated 2025-04-11 · CVE-2022-47968

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Heimdall Application Dashboard versions 2.5.4 and earlier

Description

The issue allows for reflected and stored Cross-Site Scripting (XSS) attacks via the Application name variable to the "Add application" page. The stored XSS will be triggered in the "Application list" page.

Recommendations

For Heimdall Application Dashboard versions 2.5.4 and earlier, as a temporary workaround, consider restricting access to the "Add application" page and the "Application list" page until a patch is available. Avoid using the Application name variable in the affected pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-47968

Affected Products

Heimdall Application Dashboard