CVE-2022-35632: XSS in User Interface

Vendor: Rapid7
Product: Velociraptor
Weakness: CWE-79 (XSS)
Published: July 29, 2022
Last update: September 16, 2024

What the vulnerability does

01 Description

The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.

Key dates

02 Disclosure timeline

July 29, 2022: CVE published
September 16, 2024: Record updated