FKIE_CVE-2022-25256

Vulnerability from fkie_nvd - Published: 2022-02-19 01:15 - Updated: 2024-11-21 06:51
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL.
References
cve@mitre.orghttps://github.com/RobertDra/CVE-2022-25256Broken Link
cve@mitre.orghttps://sas.comProduct
cve@mitre.orghttps://support.sas.com/kb/62/972.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/RobertDra/CVE-2022-25256Broken Link
af854a3a-2127-422b-91ae-364da2661108https://sas.comProduct
af854a3a-2127-422b-91ae-364da2661108https://support.sas.com/kb/62/972.htmlVendor Advisory
Impacted products
Vendor Product Version
sas web_report_studio 4.4
hpe hp-ux_ipfilter -
ibm aix -
linux linux_kernel -
microsoft windows -
oracle solaris -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sas:web_report_studio:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DA45146-E919-457C-A6E1-E6A678B73E47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hpe:hp-ux_ipfilter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73630607-A91E-4D7C-ABB4-6F677BA3C585",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "289B4B4D-D500-45C9-9BFE-E1A802740EDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "71BFBE5F-56EB-45C9-B558-FC4D7CEA345A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "63CA0FD9-03F3-4429-96B0-82BA20A7D3D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL."
    },
    {
      "lang": "es",
      "value": "SAS Web Report Studio versi\u00f3n  4.4, permite un ataque de tipo XSS. El archivo /SASWebReportStudio/logonAndRender.do presenta dos par\u00e1metros: saspfs_request_backlabel_list y saspfs_request_backurl_list. El primero afecta al contenido del bot\u00f3n situado en la parte superior izquierda. El segundo afecta a la p\u00e1gina a la que es dirigida el usuario tras pulsar el bot\u00f3n, por ejemplo, una p\u00e1gina web maliciosa. Adem\u00e1s, el segundo par\u00e1metro ejecuta JavaScript, lo que significa que el ataque de tipo XSS es posible a\u00f1adiendo un javascript: URL"
    }
  ],
  "id": "CVE-2022-25256",
  "lastModified": "2024-11-21T06:51:53.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-19T01:15:08.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://github.com/RobertDra/CVE-2022-25256"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://sas.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.sas.com/kb/62/972.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://github.com/RobertDra/CVE-2022-25256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://sas.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.sas.com/kb/62/972.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.