Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-23165
HistoryMay 12, 2022 - 8:15 p.m.

CVE-2022-23165

2022-05-1220:15:15
CWE-79
[email protected]
web.nvd.nist.gov
45
4
cve-2022-23165
sysaid
cross-site scripting
xss
security vulnerability
information security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON

Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter “helpPageName” used by the page “/help/treecontent.jsp” suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it’s necessary for the affected product to expose the Offline Help Pages. An attacker may gain access to sensitive information or execute client-side code in the browser session of the victim user. Furthermore, an attacker would require the victim to open a malicious link. An attacker may exploit this vulnerability in order to perform phishing attacks. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system

Affected configurations

NVD
Node
sysaidsysaidRange<22.1.64on-premises
OR
sysaidsysaidRange<22.2.20cloud

CNA Affected

[
  {
    "platforms": [
      "cloud"
    ],
    "product": "Sysaid ",
    "vendor": "SysAid ",
    "versions": [
      {
        "lessThanOrEqual": "22.2.19",
        "status": "affected",
        "version": "22.2.19 cloud version",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "on premise"
    ],
    "product": "Sysaid ",
    "vendor": "SysAid ",
    "versions": [
      {
        "lessThanOrEqual": "22.1.63",
        "status": "affected",
        "version": "22.1.63 on premise version",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
nvd 1
prion 1
cvelist
cvelist
CVE-2022-23165 Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS)
2022-05-09 00:00:00
nvd
nvd
CVE-2022-23165
2022-05-12 20:15:15
prion
prion
Cross site scripting
2022-05-12 20:15:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON
Related for CVE-2022-23165
cvelist1nvd1prion1