CVE-2022-40204 MEDIUM

CVE-2022-40204

Vendor Digital Alert Systems

Product DASDEC

Weakness CWE-79 · XSS

Published November 30, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

4.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login.

Key dates

02Disclosure timeline

November 30, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40204 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-1575 Mega Main Menu <= 2.2.2 - Authenticated (Administrator+) Cross-Site Scripting CVE-2023-46066 WordPress Mediabay Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) CVE-2023-48679 CVE-2026-1187 ZoomifyWP Free <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute CVE-2024-33950 WordPress Archives Calendar Widget plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability