CVE-2022-3901 - Visioweb.js - Prototype Pollution can result in XSS
CVE | CVE-2022-3901
Discovered by |
Credits |
Affected products |
Page author | Victor Pasman
CVSS | Base score: 7.2 (HIGH)
References | https://csirt.divd.nl/CVE-2022-3901 (third-party-advisory)
Problem type(s) | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Impact(s) | CAPEC-588 DOM-Based XSS
Solution(s) | Upgrade to Visioweb 1.10.7
Last modified | 20 Feb 2023 11:56
Description
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.