CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.
References
Link Resource
https://www.veeam.com/kb4338 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:veeam:management_pack:8.0:*:*:*:*:microsoft_system_center:*:*

History

20 Jul 2022, 12:46

Type Values Removed Values Added
CWE CWE-79
CPE cpe:2.3:a:veeam:management_pack:8.0:*:*:*:*:microsoft_system_center:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References (MISC) https://www.veeam.com/kb4338 - (MISC) https://www.veeam.com/kb4338 - Patch, Vendor Advisory

14 Jul 2022, 15:19

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-14 15:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-32225

Mitre link : CVE-2022-32225

CVE.ORG link : CVE-2022-32225


JSON object : View

Products Affected

veeam

  • management_pack
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')