← Back to CVEs

CVE-2022-24692

MEDIUM

5.4

Description

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side code execution.

CVE Details

CVSS v3.1 Score5.4

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionREQUIRED

Published7/18/2022

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

dsk:dsknet

Weaknesses (CWE)

CWE-79

References

https://dsk.lu/fr/produits/temps-de-presence(cve@mitre.org)

https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-24688-92.pdf(cve@mitre.org)

https://dsk.lu/fr/produits/temps-de-presence(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-24688-92.pdf(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.