Cross-Site Scripting Vulnerability in SysAid Help Desk Software
CVE-2022-40322

6.1MEDIUM

Key Information:

Vendor
Sysaid
Status
Help Desk
Vendor
CVE Published:
11 September 2022

Summary

The SysAid Help Desk software prior to version 22.1.65 is susceptible to Cross-Site Scripting (XSS) vulnerabilities as identified in reports FR# 66542 and 65579. This weakness permits attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or exposure of sensitive information. Users of affected versions are strongly encouraged to upgrade to the latest release to mitigate this risk.

References

https://documentation.sysaid.com/docs/22165-release-notes
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-40322 : Cross-Site Scripting Vulnerability in SysAid Help Desk Software | SecurityVulnerability.io