CVE-2022-3442

Crealogix EBICS ebics.aspx cross site scripting

CVSS 3.5 LOWEPSS 0.5%CWE-707

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.5EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Oct 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability was found in Crealogix EBICS 7.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ebics-server/ebics.aspx. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-210374 is the identifier assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Affected products

Crealogix · EBICS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://vuldb.com/?id.210374 https://www.pentagrid.ch/en/blog/reflected-xss-vulnerability-in-crealogix-ebics-implementation/