Stored Cross-Site Scripting Vulnerability in QlikView by Qlik
CVE-2022-42248

5.4MEDIUM

Key Information:

Vendor

Qlik

Status
Vendor
CVE Published:
6 March 2023

What is CVE-2022-42248?

QlikView version 12.60.2 is susceptible to a stored cross-site scripting (XSS) flaw in the QvsViewClient component. This vulnerability can allow attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions on behalf of users or data exposure. It is essential for organizations using this version to implement security measures and apply updates to protect against this type of attack.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.