Reflected Cross-Site Scripting Vulnerability in Veritas Desktop Laptop Option
CVE-2022-41319

6.1MEDIUM

Key Information:

Vendor
Veritas
Status
Desktop And Laptop Option
Vendor
CVE Published:
23 September 2022

Summary

A reflected cross-site scripting (XSS) vulnerability has been identified in the login page of the Veritas Desktop Laptop Option (DLO) application. This security flaw allows attackers to inject malicious scripts via the DLOServer/restore/login.jsp URI, potentially compromising user accounts. Affected versions include all prior to 9.8, specifically ranging from 9.1 to 9.7. Users and administrators are urged to update to the latest version to mitigate these risks.

References

https://www.veritas.com/content/support/en_US/security/VT...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-41319 : Reflected Cross-Site Scripting Vulnerability in Veritas Desktop Laptop Option | SecurityVulnerability.io