CVE-2022-23321
MEDIUMCVSS 4.8/10EPSS 0.77%
Last modified
CVE-2022-23321 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.. EPSS estimates a 0.77% chance of exploitation in the next 30 days.
Description
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xerox | Xmpie Ustore | 12.3.7244.0 |
References
- http://xmpie.comProduct
- https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/Exploit, Third Party Advisory
- https://www.xmpie.com/ustore-release-notes/Release Notes, Vendor Advisory
- http://xmpie.comProduct
- https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/Exploit, Third Party Advisory
- https://www.xmpie.com/ustore-release-notes/Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-23321?
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.
How severe is CVE-2022-23321?
CVE-2022-23321 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.77% probability of exploitation in the next 30 days.
How do I fix CVE-2022-23321?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2022-23321?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST