#VU66516 Improper Neutralization of Special Elements in Output Used by a Downstream Component in EyesOfNetwork - CVE-2022-38257

 


Published: August 16, 2022


Vulnerability identifier: #VU66516
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2022-38257
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: EyesOfNetwork
Software vendor: EyesOfNetworkCommunity

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an iFrame injection issue in the "url" parameter of /module/module_frame/index.php. A remote user can trick a victim into loading malicious content into their authenticated session and steal the user's credentials or force the client to carry out unwanted actions.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
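
As an added illustration of the class of check that addresses this weakness (not EyesOfNetwork code and not a vendor patch), the PHP sketch below validates a request parameter before it is used as an iframe source. The function names, the allowlisted host and the sample inputs are assumptions constructed for the example.

```php
<?php
// Added illustration, not EyesOfNetwork code. safe_frame_src(), render_frame()
// and ALLOWED_FRAME_HOSTS are hypothetical; the host below is a constructed value.
const ALLOWED_FRAME_HOSTS = ['monitoring.example.internal'];

// Return a value safe to use as an iframe src, or null to refuse the request.
function safe_frame_src(string $raw): ?string
{
    // Browsers drop tabs/newlines and read "\" as "/", so "/\host" would load
    // as "//host". Reject control characters, spaces and backslashes up front.
    if ($raw === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || isset($parts['user']) || isset($parts['pass'])) {
        return null; // unparsable, or credentials used to disguise the real host
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        // Same-site absolute path: exactly one leading slash.
        return ($raw[0] === '/' && strncmp($raw, '//', 2) !== 0) ? $raw : null;
    }
    // Absolute URL: https only, host on the allowlist. This also rejects
    // scheme-relative "//host/..." values and non-http schemes.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if ($scheme !== 'https' || !in_array($host, ALLOWED_FRAME_HOSTS, true)) {
        return null;
    }
    return $raw;
}

// Emit the frame only for accepted values, HTML-encoding the attribute.
function render_frame(string $raw): string
{
    $src = safe_frame_src($raw);
    if ($src === null) {
        return '<p>Frame target not allowed.</p>';
    }
    return '<iframe src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '"></iframe>';
}

// Constructed sample inputs covering the accepted and rejected cases.
foreach (['/reports/view.php?id=1', 'https://monitoring.example.internal/',
          '//other.example/', 'https://other.example/', 'javascript:void(0)',
          'https://monitoring.example.internal@other.example/'] as $candidate) {
    echo $candidate, ' => ', render_frame($candidate), PHP_EOL;
}
```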
