Lucene search

[email protected]NVD:CVE-2022-39024

HistoryOct 31, 2022 - 7:15 a.m.

CVE-2022-39024

2022-10-3107:15:10

CWE-79

[email protected]

web.nvd.nist.gov

u-office

bulletin

filtering

javascript

xss

attack

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.2%

JSON

U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.

Affected configurations

Nvd

Node

edetwu-office_forceRange≤20.50.7821d

VendorProductVersionCPE
edetwu-office_force*cpe:2.3:a:edetw:u-office_force:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
edetw	u-office_force	*	cpe:2.3:a:edetw:u-office_force::::::::

References

www.twcert.org.tw/tw/cp-132-6639-fad13-1.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.2%

JSON

Related for NVD:CVE-2022-39024

prion1 cvelist1 cve1