Vulnerability Name: CVE-2022-36783
Assigned: 2022-10-25
Published: 2022-10-25
Updated: 2022-10-27
Summary: AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS). A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user.
CVSS v3 Severity: 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVSS v2 Severity: 5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Vulnerability Type: CWE-79
References:
  Source: MITRE, Type: CNA, CVE-2022-36783
  Source: MISC, Type: Third Party Advisory, https://www.gov.il/en/Departments/faq/cve_advisories
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable