CVE-2022-42960

Published Nov 17, 2022

Last updated 2 years ago

CVSS medium 5.4

Overview

Description: EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.5
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A7093BE-5F98-44EE-9A68-142A7F234CFA"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12E8D6E8-C012-4B1B-9E72-D7CD0A702BB0"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB22CD2D-D548-4F6C-A584-1DEDFAB2E82E"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "436FC64B-101D-4DB7-9419-5A233C327BF8"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BEDAF12-F048-413C-BCD7-DEF17AC62D5B"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC5B47CA-D601-402A-B3B2-0C4B2065CDFF"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "996E28F3-3391-4FD3-B3D0-66328E9FC106"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22ACC779-2FE4-45F0-A026-A942D52F302A"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D1DE653-508B-4386-AD87-12B07471C7C7"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E08F175C-061D-4133-AAA4-C5E3725E296F"
          },
          {
            "criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "079E20C3-DF4B-46CA-B2A5-563C0752FF92"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References