CVE-2022-23165 MEDIUM

CVE-2022-23165: Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS)

Vendor Sysaid

Product Sysaid

Weakness CWE-79 · XSS

Published May 12, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected product to expose the Offline Help Pages. An attacker may gain access to sensitive information or execute client-side code in the browser session of the victim user. Furthermore, an attacker would require the victim to open a malicious link. An attacker may exploit this vulnerability in order to perform phishing attacks. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system

Key dates

02Disclosure timeline

May 12, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-23165 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-23165

CWE CWE-79

CVSS 5.5 / MEDIUM

Affected versions

Vendor Sysaid

Product Sysaid

Affected ≥ 22.2.19 cloud version and ≤ 22.2.19

Vendor Sysaid

Product Sysaid

Affected ≥ 22.1.63 on premise version and ≤ 22.1.63

CVE-2022-23165: Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS)

01Description

02Disclosure timeline

03References

04Related CVE