Versio.io

CVE-2022-2035

Common vulnerabilities & exposures (CVE)

 
Published at: 09-06-2022 05:15
Last modified: 15-06-2022 04:35
Total changes: 2

Description

A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the URL supplied by the user, allowing an attacker to craft malicious URLs which can trigger a reflected XSS payload in the context of a victim's browser.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base score: 6.1
Exploitability score: 2.8
Impact score: 2.7
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
 

Verification logic

OR
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.1
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.10.206
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.11.284
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.12.336
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.13.375
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.14.415
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.15.441
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.16.465
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.17.530
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.18.561
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.19.564
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.2.21
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.20.576
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.21.607
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.22.619
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.23.635
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.24.654
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.25.671
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.26.679
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.27.690
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.28.724
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.29.750
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.3.78
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.30.754
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.31.768
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.32.770
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.33.795
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.34.814
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.35.820
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.36.829
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.37.850
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.38.876
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.39.878
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.4.87
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.41.886
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.42.898
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.43.910
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.44.912
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.5.89
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.6.108
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.7.120
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.8.164
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=20.1.9.169
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=21.1.1
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=21.1.2.79
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=21.1.3.94
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=21.1.4.148
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=21.1.5.164
vendor=ltgplc AND product=rustici_software_scorm_engine AND version=21.1.6.177
 
