CVE-2022-38358

Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email.
References
Link Resource
https://www.tenable.com/security/research/tra-2022-29 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:eyeofnetwork:eyes_of_network_web:5.3:*:*:*:*:*:*:*

Information

Published : 2022-08-15 16:15

Updated : 2022-08-17 06:42


NVD link : CVE-2022-38358

Mitre link : CVE-2022-38358


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

eyeofnetwork

  • eyes_of_network_web