Lucene search

IcscertCVELIST:CVE-2022-40204

HistoryNov 30, 2022 - 11:07 p.m.

CVE-2022-40204

2022-11-3023:07:29

CWE-79

icscert

www.cve.org

cross-site scripting

digital alert systems

dasdec software

host header

vulnerability

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

JSON

A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DASDEC",
    "vendor": "Digital Alert Systems",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]

References

www.digitalalertsystems.com/security-advisory

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for CVELIST:CVE-2022-40204