CVE-2022-41139: XSS
First published: Mon Oct 17 2022(Updated: )
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MITRE CALDERA | <4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2022-41139.
What is the severity of CVE-2022-41139?
The severity of CVE-2022-41139 is medium.
How can the stored XSS vulnerability be exploited in MITRE CALDERA 4.1.0?
The stored XSS vulnerability in MITRE CALDERA 4.1.0 can be exploited via the app.contact.gist field, allowing execution of arbitrary commands on agents.
What software version is affected by CVE-2022-41139?
MITRE CALDERA version 4.1.0 is affected by CVE-2022-41139.
Is there a fix available for CVE-2022-41139?
Yes, it is recommended to upgrade to a version higher than 4.1.0 to mitigate the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/mitre
- canonical/mitre caldera