CVE-2022-32763

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1541	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lansweeper:lansweeper:10.1.1.0:*:*:*:*:*:*:*

History

19 Dec 2022, 14:33

Type	Values Removed	Values Added
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1541 -~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1541 - Exploit, Third Party Advisory
First Time		Lansweeper lansweeper Lansweeper
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CPE		cpe:2.3:a:lansweeper:lansweeper:10.1.1.0:::::::*

15 Dec 2022, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-15 10:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-32763

Mitre link : CVE-2022-32763

CVE.ORG link : CVE-2022-32763

JSON object : View

Products Affected

lansweeper

lansweeper

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-184

Incomplete List of Disallowed Inputs

{"id": "CVE-2022-32763", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-12-15T10:15:11.780", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1541", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-184"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una omisi\u00f3n de vulnerabilidad de sanitizaci\u00f3n de Cross-Site Scripting (XSS) en la funcionalidad SanitizeHtml de Lansweeper lansweeper 10.1.1.0. Una solicitud HTTP especialmente manipulada puede provocar una inyecci\u00f3n de c\u00f3digo Javascript arbitrario. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."}], "lastModified": "2022-12-19T14:33:26.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lansweeper:lansweeper:10.1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B678EA8-701A-4508-BC31-AE93AEE6F1EE"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}