CVE-2022-40257 An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4

2022-10-1000:00:00

CWE-74

certcc

www.cve.org

cve-2022-40257

cert/cc vince

html injection

software vulnerability

email content

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.

CNA Affected

[
  {
    "vendor": "CERT/CC",
    "product": "VINCE - The Vulnerability Information and Coordination Environment ",
    "versions": [
      {
        "version": "1.48.0",
        "status": "affected",
        "lessThan": "1.50.4",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/CERTCC/VINCE/issues?q=label%3Asecurity