CVE-2022-40257 An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4
An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the message. This can result in a cross-site scripting (XSS) attack. CERT/CC VINCE software prior to 1.50.4 does not adequately sanitize user-supplied input to prevent XSS attacks. An unauthenticated user can create a crafted email with HTML content in the message and send it to an affected CERT/CC VINCE server. This can result in a cross-site scripting (XSS) attack.
Vulnerability overview
CERT/CC VINCE software prior to 1.50.4 has a vulnerability in which an authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the message. This can result in a cross-site scripting (XSS) attack.
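The class of flaw described above, shown as an added Python example that is not VINCE's own code (this page does not show it): an inbound email body interpolated into a page as-is, next to a version that HTML-escapes the subject and body before rendering. The function names and the sample message are constructed for illustration.

```python
import html
from email import message_from_string, policy

# Constructed sample: an inbound message whose only body part is HTML.
SAMPLE_EMAIL = (
    "From: reporter@example.org\n"
    "To: intake@example.org\n"
    "Subject: <b>report</b>\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<p>Hello</p><script>alert(1)</script>\n"
)


def extract_body(raw: str) -> str:
    """Return the message text, preferring text/plain over text/html."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def render_unsafe(raw: str) -> str:
    """Weak form: sender-controlled markup reaches the viewer's browser."""
    return f"<div class='msg'>{extract_body(raw)}</div>"


def render_escaped(raw: str) -> str:
    """Hardened form: every sender-controlled field is escaped as text."""
    msg = message_from_string(raw, policy=policy.default)
    subject = html.escape(str(msg["Subject"] or ""))
    body = html.escape(extract_body(raw))
    return f"<h2>{subject}</h2>\n<pre class='msg'>{body}</pre>"


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_EMAIL))
    print(render_escaped(SAMPLE_EMAIL))
```

If the application must display rich email content, an allow-list HTML sanitizer applied on output is the alternative to plain escaping.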
Timeline
Published on: 10/10/2022 20:15:00 UTC
Last modified on: 10/11/2022 18:28:00 UTC