CVE-2022-29931

by mathildeexlm

Abstract Advisory Information

A field is vulnerable to a reflected Cross-site Scripting (XSS) attack, allowing an attacker to execute a JavaScript payload on the page. The payload can be executed through a GET request.

Author: Mathieu Vivier

Version affected

Name: Raytion

Versions: 7.2.0

Common Vulnerability Scoring System

6.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Patches

7.3.1

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29931

Vulnerability Disclosure Timeline

  • 06/04/2022: Vulnerability discovery
  • 07/04/2022: Vulnerability Report to CERT-XLM
  • 08/04/2022: Vulnerability Report to Vendor through Contact Form
  • 08/04/2022: Vulnerability Report to Vendor through investigation at info@raytion.com
  • 13/04/2022: Acknowledgement from vendor
  • 27/04/2022: The vendor stated that a fix is planned around May 15th
  • 29/04/2022: CVE IDs requested from MITRE
  • 29/04/2022: CVE ID assigned: CVE-2022-29931
  • 20/06/2022: Expected vulnerability disclosure