CVE-2022-24654 - OpenCVE

Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Intelbras	Ata 200 Firmware Ata 200

Configuration 1 [-]

AND

cpe:2.3:o:intelbras:ata_200_firmware:74.19.10.21:*:*:*:*:*:*:*

cpe:2.3:h:intelbras:ata_200:-:*:*:*:*:*:*:*

References

Link	Resource
http://intelbras.com	Product
https://github.com/leonardobg/CVE-2022-24654	Exploit Third Party Advisory
https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-15T18:44:35

Updated: 2022-08-17T12:36:17

Reserved: 2022-02-07T00:00:00

Link: CVE-2022-24654

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-15T19:15:08.250

Modified: 2022-10-26T03:13:40.190

Link: CVE-2022-24654

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Authenticated stored cross-site scripting (XSS) vulnerability in \"Field Server Address\" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-17T12:36:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://intelbras.com"}, {"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/leonardobg/CVE-2022-24654"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-24654", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Authenticated stored cross-site scripting (XSS) vulnerability in \"Field Server Address\" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://intelbras.com", "refsource": "MISC", "url": "http://intelbras.com"}, {"name": "https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-Scripting.html"}, {"name": "https://github.com/leonardobg/CVE-2022-24654", "refsource": "MISC", "url": "https://github.com/leonardobg/CVE-2022-24654"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24654", "datePublished": "2022-08-15T18:44:35", "dateReserved": "2022-02-07T00:00:00", "dateUpdated": "2022-08-17T12:36:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}