Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.
References
Link | Resource |
---|---|
https://stackstorm.com/2022/12/v3-8-0-released/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-05T00:00:00
Updated: 2022-12-05T00:00:00
Reserved: 2022-10-24T00:00:00
Link: CVE-2022-43706
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-05T23:15:09.757
Modified: 2022-12-06T20:33:40.097
Link: CVE-2022-43706
JSON object: View
Redhat Information
No data.
CWE