How severe is CVE-2022-22115?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2022-22115?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2022-22115

CRITICAL Year: 2022

CVSS v3 Score

9.0

Critical

CVSS v2 Score

3.5

Low

Weakness Type

CWE-79

View all →

Vulnerability Description

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privileges escalation.

CVE-2016-9470

CRITICAL

CVSS:9.0(Critical)

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables a...

CWE-792016

CVE-2019-17634

CRITICAL

CVSS:9.0(Critical)

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, op...

CWE-792019

CVE-2019-18578

CRITICAL

CVSS:9.0(Critical)

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HT...

CWE-792019

CVE-2019-18588

CRITICAL

CVSS:9.0(Critical)

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scrip...

CWE-792019

CVE-2019-3873

CRITICAL

CVSS:9.0(Critical)

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve ...

CWE-792019

CVE-2019-7551

CRITICAL

CVSS:9.0(Critical)

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could ena...

CWE-792019

CVE-2022-22115

Vulnerability Description

Related Vulnerabilities

CVE-2016-9470

CVE-2019-17634

CVE-2019-18578

CVE-2019-18588

CVE-2019-3873

CVE-2019-7551