nvd-json-data-feeds/CVE-2022/CVE-2022-370xx/CVE-2022-37063.json

{
  "id": "CVE-2022-37063",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-08-18T18:15:08.403",
  "lastModified": "2022-10-26T17:01:39.490",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the attacker to insert malicious JavaScript code."
    },
    {
      "lang": "es",
      "value": "Todas las versiones de las c\u00e1maras de sensor t\u00e9rmico FLIR AX8 versiones hasta 1.46.16 incluy\u00e9ndola, son vulnerables a un ataque de tipo Cross Site Scripting (XSS) debido a un saneo inapropiado de la entrada. Un atacante remoto autenticado puede ejecutar c\u00f3digo JavaScript arbitrario en la interfaz de administraci\u00f3n web. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante insertar c\u00f3digo JavaScript malicioso."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.46.16",
              "matchCriteriaId": "585EFD55-2D2F-4488-AE42-6BA5562FB3A6"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4DACB7-0558-4C74-8EDB-39591236ADEE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html",
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ]
    },
    {
      "url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.flir.com/products/ax8-automation/",
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Vendor Advisory"
      ]
    }
  ]
}