CVE-2022-23165 is a vulnerability in Sysaid
Published on May 12, 2022
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS)
Sysaid Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected product to expose the Offline Help Pages. An attacker may gain access to sensitive information or execute client-side code in the browser session of the victim user. Furthermore, an attacker would require the victim to open a malicious link. An attacker may exploit this vulnerability in order to perform phishing attacks. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system
Vulnerability Analysis
CVE-2022-23165 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2022-23165 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2022-23165
Want to know whenever a new CVE is published for Sysaid? stack.watch will email you.
Affected Versions
Sysaid:- Version 22.2.19 cloud version, <= 22.2.19 is affected.
- Version 22.1.63 on premise version, <= 22.1.63 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.