CVE-2022-22944: XSS
First published: Wed Mar 02 2022(Updated: )
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vmware Workspace One Boxer | <22.02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-22944.
What software is affected by this vulnerability?
VMware Workspace ONE Boxer is affected by this vulnerability.
What type of vulnerability is this?
This is a stored cross-site scripting (XSS) vulnerability.
What is the severity of CVE-2022-22944?
The severity of CVE-2022-22944 is medium.
How can an attacker exploit this vulnerability?
A malicious actor can exploit this vulnerability by injecting script tags into VMware Workspace ONE Boxer calendar event descriptions.
Is there a patch or fix available for this vulnerability?
Yes, VMware has released a security advisory and provided a fix for this vulnerability. Please refer to the reference link for more information.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware workspace one boxer