PT-2023-13669 · Unknown · Visioweb.Js
Jan-Jaap Korpershoek
+1
·
Published
2023-02-20
·
Updated
2024-09-12
·
CVE-2022-3901
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Visioweb.js version 1.10.6
Description
The issue allows attackers to execute XSS on the client system through prototype pollution in Visioweb.js. This enables malicious activities on the client's system.
Recommendations
For Visioweb.js version 1.10.6, consider updating to a newer version that addresses the prototype pollution issue to prevent XSS attacks on the client system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Prototype Pollution
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Visioweb.Js