CVE-2022-35630

CVE-2022-35630: Unsafe HTML Injection in Artifact Collection Report

Vendor Rapid7

Product Velociraptor

Weakness CWE-79 · XSS

Published July 29, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2.

Key dates

02Disclosure timeline

July 29, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-35630 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-2975 GFI KerioConnect Signature EditHtmlSource cross site scripting CVE-2025-62695 Stored XSS through system messages CVE-2023-24966 IBM WebSphere Application Server cross-site scripting CVE-2015-10120 WDS Multisite Aggregate Plugin WDS_Multisite_Aggregate_Options.php update_options cross site scripting CVE-2025-68871 WordPress Dooodl plugin <= 2.3.0 - Reflected Cross Site Scripting (XSS) vulnerability