{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-40739", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "datePublished": "2022-10-31T06:40:40.592466Z", "dateUpdated": "2024-09-17T00:17:32.560Z", "dateReserved": "2022-09-15T00:00:00"}, "containers": {"cna": {"title": "Ragic, Inc. Ragic - Reflected XSS", "datePublic": "2022-10-31T00:00:00", "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2022-10-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack."}], "affected": [{"vendor": "Ragic, Inc.", "product": "Ragic", "versions": [{"version": "unspecified", "lessThanOrEqual": "2022/06/28", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6645-77bf8-1.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79 Cross-site Scripting (XSS)", "cweId": "CWE-79"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "TVN-202210018", "discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Update Ragic version to 8/10/2022"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:28:41.518Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6645-77bf8-1.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ragic:ragic:*:*:*:*:*:*:*:*", "matchCriteriaId": "292DCC66-7117-46B3-9132-0C984D3DF357", "versionEndIncluding": "2022-06-28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack."}, {"lang": "es", "value": "La p\u00e1gina de generaci\u00f3n de informes Ragic no tiene filtrado suficiente para caracteres especiales. Un atacante remoto con privilegios de usuario general puede inyectar JavaScript para realizar un ataque XSS (Reflected Cross-Site Scripting)."}], "id": "CVE-2022-40739", "lastModified": "2022-10-31T20:12:28.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2022-10-31T07:15:10.637", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6645-77bf8-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}

{}