ID

VAR-202209-0799


CVE

CVE-2022-37724


TITLE

Cross-site scripting vulnerability in Apple's WebObjects

Trust: 0.8

sources: JVNDB: JVNDB-2022-017695

DESCRIPTION

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A cross-site scripting vulnerability exists in Apple's WebObjects. Information may be obtained and information may be tampered with. Project Wonder is an open source collection of reusable WebObjects frameworks, applications and extensions, open sourced by the WOCommunity Association.

Trust: 1.71

sources: NVD: CVE-2022-37724 // JVNDB: JVNDB-2022-017695 // VULHUB: VHN-428755

AFFECTED PRODUCTS

vendor: apple, model: webobjects, scope: gte, version: 1.0

Trust: 1.0

vendor: apple, model: webobjects, scope: lte, version: 5.4.3

Trust: 1.0

vendor: アップル, model: webobjects, scope: eq, version: -

Trust: 0.8

vendor: アップル, model: webobjects, scope: eq, version: 1.0 to 5.4.3

Trust: 0.8

sources: JVNDB: JVNDB-2022-017695 // NVD: CVE-2022-37724

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-37724
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-37724
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202209-1060
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-37724
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-37724
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-017695 // CNNVD: CNNVD-202209-1060 // NVD: CVE-2022-37724

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-428755 // JVNDB: JVNDB-2022-017695 // NVD: CVE-2022-37724

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-1060

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202209-1060

PATCH

title: Top Page, url: https://www.apple.com/

Trust: 0.8

sources: JVNDB: JVNDB-2022-017695

EXTERNAL IDS

db: NVD, id: CVE-2022-37724

Trust: 3.3

db: JVNDB, id: JVNDB-2022-017695

Trust: 0.8

db: CNNVD, id: CNNVD-202209-1060

Trust: 0.7

db: VULHUB, id: VHN-428755

Trust: 0.1

sources: VULHUB: VHN-428755 // JVNDB: JVNDB-2022-017695 // CNNVD: CNNVD-202209-1060 // NVD: CVE-2022-37724

REFERENCES

url: https://github.com/wocommunity/wonder/pull/992

Trust: 2.5

url: https://xmit.xyz/security/webobjects-url-tomfoolery/

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2022-37724

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-37724/

Trust: 0.6

sources: VULHUB: VHN-428755 // JVNDB: JVNDB-2022-017695 // CNNVD: CNNVD-202209-1060 // NVD: CVE-2022-37724

SOURCES

db: VULHUB, id: VHN-428755
db: JVNDB, id: JVNDB-2022-017695
db: CNNVD, id: CNNVD-202209-1060
db: NVD, id: CVE-2022-37724

LAST UPDATE DATE

2024-08-14T14:55:16.337000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-428755, date: 2022-09-19T00:00:00
db: JVNDB, id: JVNDB-2022-017695, date: 2023-10-16T07:05:00
db: CNNVD, id: CNNVD-202209-1060, date: 2022-09-20T00:00:00
db: NVD, id: CVE-2022-37724, date: 2022-09-19T17:50:52.997

SOURCES RELEASE DATE

db: VULHUB, id: VHN-428755, date: 2022-09-14T00:00:00
db: JVNDB, id: JVNDB-2022-017695, date: 2023-10-16T00:00:00
db: CNNVD, id: CNNVD-202209-1060, date: 2022-09-14T00:00:00
db: NVD, id: CVE-2022-37724, date: 2022-09-14T21:15:10.440