CVE-2022-35630

{"id": "CVE-2022-35630", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-07-29T17:15:09.427", "references": [{"url": "https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@rapid7.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2."}, {"lang": "es", "value": "Un problema de tipo cross-site scripting (XSS) en la generaci\u00f3n de un informe de colecci\u00f3n hac\u00eda posible que clientes maliciosos inyectaran c\u00f3digo JavaScript en el archivo HTML est\u00e1tico. Este problema se resolvi\u00f3 en Velociraptor versi\u00f3n 0.6.5-2"}], "lastModified": "2022-08-04T10:16:36.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25500856-C930-4911-A709-292339FC5876", "versionEndExcluding": "0.6.5-2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}