First published: Mon Apr 11 2022
An authenticated, high-privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic Connect. The issue affects all current versions.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ivanti Incapptic Connect | <=1.40.3 | |
The vulnerability ID is CVE-2022-22571.
The severity of CVE-2022-22571 is medium with a severity value of 4.8.
CVE-2022-22571 allows an authenticated, high-privileged user to perform a stored XSS attack due to incorrect output encoding in Incapptic Connect, and it affects all current versions.
CVE-2022-22571 affects Ivanti Incapptic Connect up to version 1.40.3.
To fix CVE-2022-22571, it is recommended to update to the latest version of Ivanti Incapptic Connect.