2022-07-12 13:47:16 +00:00
{
"CVE_data_meta" : {
2022-07-29 11:54:11 -05:00
"ASSIGNER" : "cve@rapid7.com" ,
"DATE_PUBLIC" : "2022-07-26T17:15:00.000Z" ,
2022-07-12 13:47:16 +00:00
"ID" : "CVE-2022-35632" ,
2022-07-29 11:54:11 -05:00
"STATE" : "PUBLIC" ,
"TITLE" : "XSS in User Interface"
2022-07-12 13:47:16 +00:00
} ,
2022-07-29 11:54:11 -05:00
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Velociraptor" ,
"version" : {
"version_data" : [
{
"version_affected" : "<" ,
"version_name" : "0.6.5-2" ,
"version_value" : "0.6.5-2"
}
]
}
}
]
} ,
"vendor_name" : "Rapid7"
}
]
}
} ,
"credit" : [
{
"lang" : "eng" ,
"value" : "Issue identified and disclosed by Tim Goddard of CyberCX during a security code review"
}
] ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
2022-07-12 13:47:16 +00:00
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2022-07-29 18:00:46 +00:00
"value" : "The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2."
2022-07-12 13:47:16 +00:00
}
]
2022-07-29 11:54:11 -05:00
} ,
"generator" : {
"engine" : "Vulnogram 0.0.9"
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/"
}
]
} ,
"source" : {
"discovery" : "EXTERNAL"
2022-07-12 13:47:16 +00:00
}
2022-07-29 18:00:46 +00:00
}
