{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43706", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T13:40:06.170Z", "dateReserved": "2022-10-24T00:00:00", "datePublished": "2022-12-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://stackstorm.com/2022/12/v3-8-0-released/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.170Z"}, "title": "CVE Program Container", "references": [{"url": "https://stackstorm.com/2022/12/v3-8-0-released/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stackstorm:stackstorm:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4ED2DBF-F4D1-4C29-9F9C-0253326ABEA7", "versionEndExcluding": "3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users."}, {"lang": "es", "value": "La vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de usuario web de las versiones de StackStorm anteriores a la 3.8.0 permit\u00eda a los usuarios registrados con acceso de escritura para empaquetar reglas para inyectar scripts arbitrarios o HTML que pueden ejecutarse en la interfaz de usuario web para otros usuarios conectados."}], "id": "CVE-2022-43706", "lastModified": "2022-12-06T20:33:40.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-05T23:15:09.757", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://stackstorm.com/2022/12/v3-8-0-released/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}