Stored Cross-Site Scripting Vulnerability in ISAMS Product by ISAMS
CVE-2022-37028

5.4 MEDIUM

Key Information:

Vendor

Iris

Status
Vendor
CVE Published: 27 September 2022

What is CVE-2022-37028?

The ISAMS application version 22.2.3.2 is susceptible to a stored Cross-Site Scripting (XSS) attack. This vulnerability arises from the title field for groups, where an attacker can inject malicious JavaScript code. This payload is executed in the context of another user's session, potentially compromising user data and application integrity. As a result, users may be exposed to unauthorized actions and data theft if they interact with the affected functionalities.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
