Skip to the content.

CVE-2022-3901 - Visioweb.js - Prototype Pollution can results in XSS

CVE CVE-2022-3901
Discovered by
  • Jan-Jaap Korpershoek
Affected products
Product Affected Unaffected Unknown
Visio Globe Visioweb on Windows, MacOS, Linux >= 1.10.6 0 to < 1.10.6
everything else
Page author Victor Pasman
CVSS Base score: 7.2 (HIGH)
References ( third-party-advisory )
Problem type(s) CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Impact(s) CAPEC-588 DOM-Based XSS
Solution(s) Upgrade to Visioweb 1.10.7
Last modified 20 Feb 2023 11:56


Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.

JSON version