Lucene search

THA-PSIRTCVELIST:CVE-2022-1293

HistoryAug 02, 2022 - 3:24 p.m.

CVE-2022-1293 XSS vulnerability in Citadel

2022-08-0215:24:27

CWE-80

THA-PSIRT

www.cve.org

xss

citadel

script-related

html

neutralization

bypassed

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

31.3%

JSON

The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions.

CNA Affected

[
  {
    "platforms": [
      "Web Client"
    ],
    "product": "Citadel Web Client",
    "vendor": "Thales",
    "versions": [
      {
        "lessThan": "7.1.2",
        "status": "affected",
        "version": "7.1.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "Macosx"
    ],
    "product": "Citadel Macosx Desktop Client",
    "vendor": "Thales",
    "versions": [
      {
        "lessThan": "7.1.2",
        "status": "affected",
        "version": "7.1.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "Windows"
    ],
    "product": "Citadel Windows Desktop Client",
    "vendor": "Thales",
    "versions": [
      {
        "lessThan": "7.1.2",
        "status": "affected",
        "version": "7.1.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.ercom.com/security-updates

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

31.3%

JSON

Related for CVELIST:CVE-2022-1293