{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-47187", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2022-12-12T17:08:47.302Z", "datePublished": "2023-09-28T13:30:27.188Z", "dateUpdated": "2024-09-23T18:54:02.859Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "UPS CS141", "vendor": "Generex", "versions": [{"lessThan": "2.06", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Joel G\u00e1mez Molina (@JoelGMSec)"}], "datePublic": "2023-03-02T23:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.</p>"}], "value": "There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-09-28T13:30:27.188Z"}, "references": [{"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"}, {"tags": ["release-notes"], "url": "https://www.generex.de/support/changelogs/cs141/2-12"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.</p>"}], "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\n\n"}], "source": {"advisory": "INCIBE-2023-0071", "discovery": "EXTERNAL"}, "title": "File upload XSS vulnerability in Generex CS141", "x_generator": {"engine": "Vulnogram 0.0.9"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:47:29.378Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141", "tags": ["x_transferred"]}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.generex.de/support/changelogs/cs141/2-12"}]}, {"affected": [{"vendor": "generex", "product": "ups-cs141", "cpes": ["cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.06", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T18:52:27.863483Z", "id": "CVE-2022-47187", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T18:54:02.859Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141", "tags": ["x_transferred"]}, {"url": "https://www.generex.de/support/changelogs/cs141/2-12", "tags": ["release-notes", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:47:29.378Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-47187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-23T18:52:27.863483Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"], "vendor": "generex", "product": "ups-cs141", "versions": [{"status": "affected", "version": "0", "lessThan": "2.06", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T18:53:53.192Z"}}], "cna": {"title": "File upload XSS vulnerability in Generex CS141", "source": {"advisory": "INCIBE-2023-0071", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Joel G\u00e1mez Molina (@JoelGMSec)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Generex", "product": "UPS CS141", "versions": [{"status": "affected", "version": "0", "lessThan": "2.06", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.</p>", "base64": false}]}], "datePublic": "2023-03-02T23:00:00.000Z", "references": [{"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"}, {"url": "https://www.generex.de/support/changelogs/cs141/2-12", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-09-28T13:30:27.188Z"}}}, "cveMetadata": {"cveId": "CVE-2022-47187", "state": "PUBLISHED", "dateUpdated": "2024-09-23T18:54:02.859Z", "dateReserved": "2022-12-12T17:08:47.302Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2023-09-28T13:30:27.188Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45AC1134-C83A-435F-AFCB-32CC1E691C9E", "versionEndExcluding": "2.06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE00F7F0-4011-4F62-9E11-1BBDDCE4F46B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n"}, {"lang": "es", "value": "Hay una vulnerabilidad XSS de carga de archivos en Generex CS141 por debajo de la versi\u00f3n 2.06. La aplicaci\u00f3n web permite la carga de archivos, posibilitando la carga de un archivo con contenido HTML. Cuando se permiten archivos HTML, el payload XSS se puede inyectar en el archivo cargado."}], "id": "CVE-2022-47187", "lastModified": "2024-11-21T07:31:40.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-28T14:15:17.927", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Release Notes"], "url": "https://www.generex.de/support/changelogs/cs141/2-12"}, {"source": "cve-coordination@incibe.es", "tags": ["Not Applicable"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.generex.de/support/changelogs/cs141/2-12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}