Vulnerability Description
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Upstreamworks | Upstream Works On Finesse | >= 4.0, <= 4.2.14 |
Related Weaknesses (CWE)
References
- https://www.campusguard.com/post/going-beyond-pen-testing-to-identify-zero-day-eExploitThird Party Advisory
- https://www.upstreamworks.com/support/notifications/Vendor Advisory
- https://www.campusguard.com/post/going-beyond-pen-testing-to-identify-zero-day-eExploitThird Party Advisory
- https://www.upstreamworks.com/support/notifications/Vendor Advisory
FAQ
What is CVE-2022-37462?
CVE-2022-37462 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or ...
How severe is CVE-2022-37462?
CVE-2022-37462 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-37462?
Check the references section above for vendor advisories and patch information. Affected products include: Upstreamworks Upstream Works On Finesse.