CVE-2022-43706: XSS
First published: Mon Dec 05 2022(Updated: )
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Stackstorm Stackstorm | <3.8.0 | |
| <3.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-43706?
The severity of CVE-2022-43706 is medium with a severity value of 5.4.
How does CVE-2022-43706 affect StackStorm?
CVE-2022-43706 affects StackStorm versions prior to 3.8.0.
What is the impact of the XSS vulnerability in CVE-2022-43706?
The XSS vulnerability in CVE-2022-43706 allows logged in users with write access to inject arbitrary script or HTML in the Web UI, which can be executed by other logged in users.
How can the XSS vulnerability in CVE-2022-43706 be exploited?
The XSS vulnerability in CVE-2022-43706 can be exploited by logged in users with write access to pack rules who inject malicious script or HTML in the Web UI.
Is there a fix available for CVE-2022-43706?
Yes, a fix is available for CVE-2022-43706 in StackStorm version 3.8.0 and later.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- agent/last-modified-date
- vendor/stackstorm
- canonical/stackstorm stackstorm