EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.
References
Link | Resource |
---|---|
https://www.imperva.com/blog/vulnerability-discovered-in-equalweb-accessibility-widget/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-11-16 16:15
Updated : 2022-11-21 10:23
NVD link : CVE-2022-42960
Mitre link : CVE-2022-42960
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
equalweb
- equalweb_accessibility_widget