Abstract Advisory Information
The administration interface of the Raytion Custom Security Manager (Raytion CSM) version 7.2.0 allows reflected Cross-site Scripting (XSS).
Author: Mathieu Vivier
Version affected
Name: Raytion
Versions: 7.2.0
Common Vulnerability Scoring System
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Patches
7.3.1
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29931
Vulnerability Disclosure Timeline
- 06/04/2022: Vulnerability discovery
- 07/04/2022: Vulnerability reported to CERT-XLM
- 08/04/2022: Vulnerability reported to vendor through contact form
- 08/04/2022: Vulnerability reported to vendor via info@raytion.com
- 13/04/2022: Acknowledgement from vendor
- 27/04/2022: The vendor stated that a fix is planned around May 15th
- 29/04/2022: CVE ID requested from MITRE
- 29/04/2022: CVE ID assigned: CVE-2022-29931
- 20/06/2022: Expected vulnerability disclosure