CVE-2022-37028 — MEDIUM (5.4)

Vulnerability Description

ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Iris	Isams	22.2.3.2

Related Weaknesses (CWE)

CWE-79

References

https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-37028
https://excellium-services.com/cert-xlm-advisory/CVE-2022-37028Third Party Advisory
https://www.isams.com/Product
https://excellium-services.com/cert-xlm-advisory/CVE-2022-37028Third Party Advisory
https://www.isams.com/Product

FAQ

What is CVE-2022-37028?

CVE-2022-37028 is a vulnerability with a CVSS score of 5.4 (MEDIUM). ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the a...

How severe is CVE-2022-37028?

CVE-2022-37028 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-37028?

Check the references section above for vendor advisories and patch information. Affected products include: Iris Isams.