CVE-2022-37775

{"id": "CVE-2022-37775", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-09-16T17:15:12.727", "references": [{"url": "http://genesys.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/168410/Genesys-PureConnect-Cross-Site-Scripting.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cxsecurity.com/issue/WLB-2022090038", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://help.genesys.com/pureconnect/mergedprojects/wh_tr/desktop/pdfs/web_tools_dg.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter."}, {"lang": "es", "value": "El servicio de chat de Genesys PureConnect Interaction Web Tools (hasta al menos el 26 de septiembre de 2019) permite un ataque de tipo XSS dentro del historial de chat imprimible por medio del par\u00e1metro POST JSON del participante -) name"}], "lastModified": "2022-09-20T18:27:25.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:genesys:pureconnect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17D5AA51-3CE3-4170-A1BE-21BA77B52CAA", "versionEndIncluding": "2022-09-26"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}