CVE-2022-40257

CVE-2022-40257: An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4

Vendor Cert/Cc
Product VINCE - The Vulnerability Information and Coordination Environment
Weakness CWE-74
Published October 10, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.

Key dates

02Disclosure timeline

October 10, 2022 CVE published
August 3, 2024 Record updated