CVE-2022-45049

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://csirt.divd.nl/CVE-2022-45049/	Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00064/	Third Party Advisory
https://csirt.divd.nl/CVE-2022-45049/	Third Party Advisory
https://csirt.divd.nl/DIVD-2022-00064/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:axiell:iguana:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

21 Nov 2024, 07:28

Type	Values Removed	Values Added
References	~~() https://csirt.divd.nl/CVE-2022-45049/ - Third Party Advisory~~	() https://csirt.divd.nl/CVE-2022-45049/ - Third Party Advisory
References	~~() https://csirt.divd.nl/DIVD-2022-00064/ - Third Party Advisory~~	() https://csirt.divd.nl/DIVD-2022-00064/ - Third Party Advisory
Summary		(es) Se encontró una vulnerabilidad XSS reflejada en Axiell Iguana CMS, que permite a un atacante ejecutar código en el navegador de la víctima. El parámetro url en el punto final novelist.php no neutraliza adecuadamente la entrada del usuario, lo que genera la vulnerabilidad.

Information

Published : 2023-01-04 19:15

Updated : 2024-11-21 07:28

NVD link : CVE-2022-45049

Mitre link : CVE-2022-45049

CVE.ORG link : CVE-2022-45049

JSON object : View

Products Affected

axiell

iguana

linux

linux_kernel

microsoft

windows

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-45049", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-01-04T19:15:09.180", "references": [{"url": "https://csirt.divd.nl/CVE-2022-45049/", "tags": ["Third Party Advisory"], "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2022-00064/", "tags": ["Third Party Advisory"], "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/CVE-2022-45049/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://csirt.divd.nl/DIVD-2022-00064/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad XSS reflejada en Axiell Iguana CMS, que permite a un atacante ejecutar c\u00f3digo en el navegador de la v\u00edctima. El par\u00e1metro url en el punto final novelist.php no neutraliza adecuadamente la entrada del usuario, lo que genera la vulnerabilidad."}], "lastModified": "2024-11-21T07:28:40.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:axiell:iguana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6778577B-F2FC-4EEE-8B0F-101FF1108D23", "versionEndExcluding": "4.5.02", "versionStartIncluding": "4.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "csirt@divd.nl"}