CVE-2022-3901
Visioweb.js - Prototype Pollution can results in XSS
| CVE | CVE-2022-3901 | |||||||||||
| Title | Visioweb.js - Prototype Pollution can results in XSS | |||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| CVSS |
Base score:
7.2
(HIGH) |
|||||||||||
| References | https://csirt.divd.nl/CVE-2022-3901 ( third-party-advisory ) | |||||||||||
| Problem type(s) | CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |||||||||||
| Impact(s) | CAPEC-588 DOM-Based XSS | |||||||||||
| Date published | ||||||||||||
| Last modified | 20 Feb 2023 18:07 UTC |
Description
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
Solution(s)
Upgrade to Visioweb 1.10.7
JSON version.