An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field.
References
Link | Resource |
---|---|
https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2022-10-10T00:00:00
Updated: 2022-11-01T21:37:23.260Z
Reserved: 2022-09-08T00:00:00
Link: CVE-2022-40248
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-10T20:15:09.727
Modified: 2023-07-10T18:44:33.213
Link: CVE-2022-40248
JSON object: View
Redhat Information
No data.