CVE-2022-47968
Global infos:
Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page.
CVE Status: Modified
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | NETWORK |
| Availability Impact | NONE |
| Base Score | 5.4 |
| Base Severity | MEDIUM |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Privileges Required | LOW |
| Scope | CHANGED |
| User Interaction | REQUIRED |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Exploitability Score | 2.3 |
| Impact Score | 2.7 |
| Source | [email protected] |
| Type | Primary |