Abstract Advisory Information
This vulnerability allows an attacker to perform an action on behalf of the user, exfiltrate data, in some cases, perform network discovery operations or run requests against other web applications from the browser of the user.
Author: Elliot RASCH
Vendor: Black Rainbow
Common Vulnerability Scoring System
Vulnerability Disclosure Timeline
- 26/01/2022: Vulnerability discovery
- 27/01/2022: Vulnerability Report to CERT-XLM
- 27/01/2022: Vulnerability Report to Vendor through Contact Form
- 04/02/2022: Vulnerability Report to the Vendor through Contact Form
- 04/02/2022: Vulnerability Report to the Vendor through investigation at firstname.lastname@example.org
- 04/02/2022: Acknowledge from the vendor
- 11/02/2022: Publication planning with the vendor
- 11/02/2022: Request CVE IDs to Mitre
- 11/02/2022: CVE IDs assigned Use CVE-2022-24967.
- 29/04/2022: Expected Vulnerability disclosure
- 05/05/2022: New expected Vulnerability disclosure date as to vendor request
- 06/05/2022: Called vendor to discuss disclosure details.
- 25/05/2022: Vulnerability disclosure
Find other vulnerabilities in our Security Advisory section.