CVE-2022-35554

2022-08-1922:33:13

mitre

www.cve.org

cve-2022-35554

reflected xss

bpc smartvista

error message handling

client-side code execution

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.

References

bpcbt.com

smartvista.com

tf1t.gitbook.io/mycve/smartvista/smartvista-cardgen/reflected-xss-in-smartvista-cardgen-version-3.28.0-cve-2022-35554