CVE-2022-23321 — MEDIUM (4.8)

Vulnerability Description

A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Xerox	Xmpie Ustore	12.3.7244.0

Related Weaknesses (CWE)

CWE-79

References

http://xmpie.comProduct
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ExploitThird Party Advisory
https://www.xmpie.com/ustore-release-notes/Release NotesVendor Advisory
http://xmpie.comProduct
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ExploitThird Party Advisory
https://www.xmpie.com/ustore-release-notes/Release NotesVendor Advisory

FAQ

What is CVE-2022-23321?

CVE-2022-23321 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.

How severe is CVE-2022-23321?

CVE-2022-23321 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23321?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Xmpie Ustore.