CVE-2022-40739

{"id": "CVE-2022-40739", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-10-31T07:15:10.637", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6645-77bf8-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack."}, {"lang": "es", "value": "La p\u00e1gina de generaci\u00f3n de informes Ragic no tiene filtrado suficiente para caracteres especiales. Un atacante remoto con privilegios de usuario general puede inyectar JavaScript para realizar un ataque XSS (Reflected Cross-Site Scripting)."}], "lastModified": "2022-10-31T20:12:28.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ragic:ragic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "292DCC66-7117-46B3-9132-0C984D3DF357", "versionEndIncluding": "2022-06-28"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}