{"containers": {"cna": {"affected": [{"product": "Velociraptor", "vendor": "Rapid7", "versions": [{"lessThan": "0.6.5-2", "status": "affected", "version": "0.6.5-2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Issue identified and disclosed by Tim Goddard of CyberCX during a security code review"}], "datePublic": "2022-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-29T17:00:33", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/"}], "source": {"discovery": "EXTERNAL"}, "title": "Unsafe HTML Injection in Artifact Collection Report", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2022-07-26T17:15:00.000Z", "ID": "CVE-2022-35630", "STATE": "PUBLIC", "TITLE": "Unsafe HTML Injection in Artifact Collection Report"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Velociraptor", "version": {"version_data": [{"version_affected": "<", "version_name": "0.6.5-2", "version_value": "0.6.5-2"}]}}]}, "vendor_name": "Rapid7"}]}}, "credit": [{"lang": "eng", "value": "Issue identified and disclosed by Tim Goddard of CyberCX during a security code review"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/", "refsource": "CONFIRM", "url": "https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2022-35630", "datePublished": "2022-07-26T00:00:00", "dateReserved": "2022-07-11T00:00:00", "dateUpdated": "2022-07-29T17:00:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "25500856-C930-4911-A709-292339FC5876", "versionEndExcluding": "0.6.5-2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2."}, {"lang": "es", "value": "Un problema de tipo cross-site scripting (XSS) en la generaci\u00f3n de un informe de colecci\u00f3n hac\u00eda posible que clientes maliciosos inyectaran c\u00f3digo JavaScript en el archivo HTML est\u00e1tico. Este problema se resolvi\u00f3 en Velociraptor versi\u00f3n 0.6.5-2"}], "id": "CVE-2022-35630", "lastModified": "2022-08-04T10:16:36.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-29T17:15:09.427", "references": [{"source": "cve@rapid7.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "cve@rapid7.com", "type": "Secondary"}]}

{}