CVE-2022-38357 - Vulnerability Details - OpenCVE

Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eyeofnetwork	Eyes Of Network Web

Configuration 1 [-]

cpe:2.3:a:eyeofnetwork:eyes_of_network_web:5.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.spirityenterprise.com/pentest
https://www.tenable.com/security/research/tra-2022-29

History

No history.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2022-08-15T22:07:49.000Z

Updated: 2024-08-03T10:54:03.231Z

Reserved: 2022-08-15T00:00:00.000Z

Link: CVE-2022-38357

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-15T23:15:09.357

Modified: 2024-11-21T07:16:19.367

Link: CVE-2022-38357

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Eyes of Network Web", "vendor": "n/a", "versions": [{"status": "affected", "version": "5.3"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php."}], "problemTypes": [{"descriptions": [{"description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-15T22:07:49.000Z", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2022-29"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2022-38357", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eyes of Network Web", "version": {"version_data": [{"version_value": "5.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2022-29", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2022-29"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:54:03.231Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2022-29"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2022-38357", "datePublished": "2022-08-15T22:07:49.000Z", "dateReserved": "2022-08-15T00:00:00.000Z", "dateUpdated": "2024-08-03T10:54:03.231Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}