CVE-2022-36368

Published Oct 24, 2022

Last updated 2 years ago

CVSS medium 4.8

Overview

Description: Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5945985A-EF94-4F45-9ED7-E3791DDDA119",
            "versionEndExcluding": "2.27"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update159:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0310F504-6CA8-45AC-8EFE-C9CA73CEE629"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update160:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F50DBC9-2A11-46EF-AC24-B4C18F0D5B39"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update161:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4F22F1A-56D0-4BBB-9BF5-36852CCB374E"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update162:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA879BC4-C3C1-40FE-BF94-69D76CD7D1B2"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update163:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24E1C9ED-8294-4EB9-A93D-8E433BAD2D01"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update164:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A676769C-2487-4BE9-82FC-71627E108CB8"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update165:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E0E1E29-0785-40DF-A496-A920CA9074CA"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update166:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F282D865-DF09-4A08-8EAD-D7207C91421D"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.27:core_update167:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2594A7BE-7DF2-42FA-8A38-206A48D94FB5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References