
CVE-2022-29931 - Excellium Services

Raytion 7.2.0 allows reflected Cross-site Scripting (XSS).


Abstract Advisory Information

A field is vulnerable to a reflected Cross-site Scripting (XSS) attack, allowing an attacker to execute a JavaScript payload on the page. The payload can be executed during a GET request.

Author: Mathieu Vivier

Version affected

Name: Raytion

Versions: 7.2.0

Common Vulnerability Scoring System

6.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Patches

7.3.1

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29931

Vulnerability Disclosure Timeline

  • 06/04/2022: Vulnerability discovery
  • 07/04/2022: Vulnerability Report to CERT-XLM
  • 08/04/2022: Vulnerability Report to Vendor through Contact Form
  • 08/04/2022: Vulnerability Report to Vendor through investigation at [email protected]
  • 13/04/2022: Acknowledgement from vendor
  • 27/04/2022: The vendor stated that a fix is planned around May 15th
  • 29/04/2022: CVE IDs requested from MITRE
  • 29/04/2022: CVE ID assigned: CVE-2022-29931
  • 20/06/2022: Expected vulnerability disclosure
