CVE-2022-43706 - OpenCVE

Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Stackstorm	Stackstorm

Configuration 1 [-]

cpe:2.3:a:stackstorm:stackstorm:*:*:*:*:*:*:*:*

References

Link	Resource
https://stackstorm.com/2022/12/v3-8-0-released/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-05T00:00:00

Updated: 2022-12-05T00:00:00

Reserved: 2022-10-24T00:00:00

Link: CVE-2022-43706

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-05T23:15:09.757

Modified: 2022-12-06T20:33:40.097

Link: CVE-2022-43706

JSON object: View

Redhat Information

No data.

CWE

CWE-79