CVE-2022-30360

OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required.

CVSS v3.0 6.4 MEDIUM

6.4^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://cve.offsecguy.com/ovaledge/vulnerabilities/stored-xss#cve-2022-30360	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:*

History

31 Oct 2024, 16:38

Type	Values Removed	Values Added
CWE		CWE-79
CPE		cpe:2.3:a:ovaledge:ovaledge::::::::
First Time		Ovaledge Ovaledge ovaledge
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.4
References	~~() https://cve.offsecguy.com/ovaledge/vulnerabilities/stored-xss#cve-2022-30360 -~~	() https://cve.offsecguy.com/ovaledge/vulnerabilities/stored-xss#cve-2022-30360 - Exploit, Third Party Advisory

25 Oct 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-25 17:15

Updated : 2024-10-31 16:38

NVD link : CVE-2022-30360

Mitre link : CVE-2022-30360

JSON object : View

Products Affected

ovaledge

ovaledge

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.4 /10