CVE-2022-3901 - Visioweb.js - Prototype Pollution can results in XSS
| CVE | CVE-2022-3901 | |||||||||||
| Discovered by |
|
|||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| Page author | Victor Pasman | |||||||||||
| CVSS |
Base score:
7.2
(HIGH) |
|||||||||||
| References | https://csirt.divd.nl/CVE-2022-3901 ( third-party-advisory ) | |||||||||||
| Problem type(s) | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |||||||||||
| Impact(s) | CAPEC-588 DOM-Based XSS | |||||||||||
| Solution(s) | Upgrade to Visioweb 1.10.7 | |||||||||||
| Last modified | 20 Feb 2023 11:56 |
Description
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
JSON version