CVE-2022-38489 - Excellium Services

An issue was discovered in EasyVista 2020.2.125.3 before 2022.1.110.1.02. It is prone to stored Cross-site Scripting (XSS).


Abstract Advisory Information

Some features of the application are prone to stored Cross-site Scripting (XSS).

Author: Valentin Giannini and Alexis Pain

Version affected

Name: EasyVista

Versions: 2020.2.125.3

Common Vulnerability Scoring System

4.8

CVSS:3.1/AV:N/AC:L/PR:H/UR:R/S:C/C:L/A:N

Patch

2022.1.110.1.02

References

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38489

Vulnerability Disclosure Timeline

  • 17/05/2022: Vulnerability discovery
  • 18/05/2022: Vulnerability Report to CERT-XLM
  • 19/05/2022: Vulnerability Report to Vendor through Contact Form
  • 24/05/2022: Vulnerability Report to Vendor through investigation at “[email protected]”
  • 24/05/2022: Vulnerability Report to Vendor through Contact Form
  • 03/06/2022: Vulnerability Report to Vendor through investigation at “[email protected]”
  • 03/06/2022: Vulnerability Report to Vendor through Contact Form
  • 03/06/2022: Vendor called, redirected us to support team
  • 08/07/2022: Vulnerability Report to Vendor through investigation at multiple contact points
  • 25/07/2022: Vulnerability Report sent to Vendor through multiple investigations at security contact point
  • 25/07/2022: Phonecall with Vendor
  • 19/08/2022: Updates asked to vendor through multiple investigations
  • 19/08/2022: Updates received from Vendor, fix is done (now awaiting fix for other CVE)
  • 20/08/2022: Request CVE ID to Mitre
  • 20/08/2022: CVE IDs assigned
  • 26/08/2022: Updates asked to vendor
  • 02/09/2022: Updates asked to vendor and CVE ID sent to vendor
  • 05/09/2022: Meeting with vendor to prepare the publication
  • 30/09/2022: Updates asked to vendor
  • 04/10/2022: Multiple call attempts to the vendors
  • 31/10/2022: Expected Vulnerability disclosure
