CVE-2022-30770

Description

Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials.

Related CPE's

aterminalfourterminalfour********

aterminalfourterminalfour********

aterminalfourterminalfour********

References

https://docs.terminalfour.com/release-notes/83/8.html

Release NotesVendor Advisory

https://docs.terminalfour.com/release-notes/82/185.html

Release NotesVendor Advisory

https://docs.terminalfour.com/release-notes/82/1821.html

Release NotesVendor Advisory

https://bulletproofsi.com/wp-content/uploads/2022/08/Bulletproof_Vuls_Id_2022-30770.pdf

ExploitThird Party Advisory

https://bulletproofsi.com/wp-content/uploads/2022/10/Bulletproof_Vuls_Id_CVE-2022-30770.pdf

ExploitThird Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

REQUIRED

Scope

CHANGED

ConfidentialityImpact

LOW

IntegrityImpact

LOW

AvailabilityImpact

NONE

BaseScore

6.1

BaseSeverity

MEDIUM

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io