PT-2022-5025 · Unknown · Cert/Cc Vince
Sei-Vsarvepalli · Published 2022-10-10 · Updated 2023-07-10 · CVE-2022-40248
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
CERT/CC VINCE versions prior to 1.50.4
Description
An HTML injection issue exists, allowing an authenticated attacker to inject arbitrary HTML via a form using the Product Affected field. This can be exploited by a remote attacker.
Recommendations
For versions prior to 1.50.4, update to version 1.50.4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Product Affected field in the form until a patch is applied.
Fix
Open Redirect
Special Elements Injection
XSS
Related Identifiers
Affected Products
Cert/Cc Vince