Persistent Cross-Site Scripting Vulnerability in XMPie UStore by XMPie
CVE-2022-23321

4.8MEDIUM

Key Information:

Vendor
Xerox
Status
Xmpie Ustore
Vendor
CVE Published:
10 February 2022

Summary

A persistent cross-site scripting (XSS) vulnerability poses significant security risks within the XMPie UStore application. This flaw exists in two input fields located in the administrative panel where user details can be edited. An attacker could exploit this vulnerability to inject malicious scripts, compromising the integrity of the application and potentially gaining unauthorized access to sensitive data. It is crucial for administrators of XMPie UStore version 12.3.7244.0 to apply necessary security measures and updates to mitigate this security risk.

References

http://xmpie.com
x_refsource_MISC
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabili...
x_refsource_MISC
https://www.xmpie.com/ustore-release-notes/
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.