3 vulnerabilities found for equalweb_accessibility_widget by equalweb
FKIE_CVE-2022-42960
Vulnerability from fkie_nvd - Published: 2022-11-17 00:15 - Updated: 2025-04-30 16:15
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
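EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM-based cross-site scripting (DOM XSS) due to improper validation of message events delivered to accessibility.js. Per the CVSS vector above (AV:N/PR:N/UI:R), the issue is reachable over the network without privileges but requires user interaction.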
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| equalweb | equalweb_accessibility_widget | 2.0.0 | |
| equalweb | equalweb_accessibility_widget | 2.0.1 | |
| equalweb | equalweb_accessibility_widget | 2.0.2 | |
| equalweb | equalweb_accessibility_widget | 2.0.3 | |
| equalweb | equalweb_accessibility_widget | 2.0.4 | |
| equalweb | equalweb_accessibility_widget | 2.1.10 | |
| equalweb | equalweb_accessibility_widget | 3.0.0 | |
| equalweb | equalweb_accessibility_widget | 3.0.1 | |
| equalweb | equalweb_accessibility_widget | 3.0.2 | |
| equalweb | equalweb_accessibility_widget | 4.0.0 | |
| equalweb | equalweb_accessibility_widget | 4.0.1 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7093BE-5F98-44EE-9A68-142A7F234CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E8D6E8-C012-4B1B-9E72-D7CD0A702BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB22CD2D-D548-4F6C-A584-1DEDFAB2E82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "436FC64B-101D-4DB7-9419-5A233C327BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEDAF12-F048-413C-BCD7-DEF17AC62D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5B47CA-D601-402A-B3B2-0C4B2065CDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "996E28F3-3391-4FD3-B3D0-66328E9FC106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACC779-2FE4-45F0-A026-A942D52F302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1DE653-508B-4386-AD87-12B07471C7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E08F175C-061D-4133-AAA4-C5E3725E296F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:equalweb:equalweb_accessibility_widget:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "079E20C3-DF4B-46CA-B2A5-563C0752FF92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js."
},
{
"lang": "es",
"value": "El Widget de Accesibilidad de EqualWeb 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0 y 4.0.1 permite DOM XSS debido a una validaci\u00f3n inadecuada de eventos de mensajes en accesibilidad.js."
}
],
"id": "CVE-2022-42960",
"lastModified": "2025-04-30T16:15:26.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-17T00:15:18.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.imperva.com/blog/vulnerability-discovered-in-equalweb-accessibility-widget/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.imperva.com/blog/vulnerability-discovered-in-equalweb-accessibility-widget/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2022-42960 (GCVE-0-2022-42960)
Vulnerability from cvelistv5 – Published: 2022-11-16 00:00 – Updated: 2025-04-30 15:50
Summary
EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.
Severity
5.4 (Medium)
CWE
- n/a (as supplied in the CNA container; the CISA-ADP container in the record below lists CWE-79)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.imperva.com/blog/vulnerability-discovered-in-equalweb-accessibility-widget/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:49:46.788198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:50:34.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.imperva.com/blog/vulnerability-discovered-in-equalweb-accessibility-widget/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42960",
"datePublished": "2022-11-16T00:00:00.000Z",
"dateReserved": "2022-10-15T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:50:34.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42960 (GCVE-0-2022-42960)
Vulnerability from nvd – Published: 2022-11-16 00:00 – Updated: 2025-04-30 15:50
Summary
EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.
Severity
5.4 (Medium)
CWE
- n/a (as supplied in the CNA container; the CISA-ADP container in the record below lists CWE-79)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.imperva.com/blog/vulnerability-discovered-in-equalweb-accessibility-widget/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:49:46.788198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:50:34.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.imperva.com/blog/vulnerability-discovered-in-equalweb-accessibility-widget/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42960",
"datePublished": "2022-11-16T00:00:00.000Z",
"dateReserved": "2022-10-15T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:50:34.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}