Details of VAR-202209-0858

ID

VAR-202209-0858

CVE

CVE-2022-31861

TITLE

ThingsBoard, Inc. of ThingsBoard Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-017250

DESCRIPTION

Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. ThingsBoard, Inc. of ThingsBoard Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. ThingsBoard IoT Platform is an open source IoT platform for data collection, processing, visualization and device management from ThingsBoard

Trust: 2.16

sources: NVD: CVE-2022-31861 // JVNDB: JVNDB-2022-017250 // CNNVD: CNNVD-202209-955

AFFECTED PRODUCTS

vendor:	thingsboard	model:	thingsboard	scope:	lte	version:	3.3.4.1	Trust: 1.0
vendor:	thingsboard	model:	thingsboard	scope:	eq	version:	-	Trust: 0.8
vendor:	thingsboard	model:	thingsboard	scope:	lte	version:	3.3.4.1 and earlier	Trust: 0.8
vendor:	thingsboard	model:	thingsboard	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-017250 // NVD: CVE-2022-31861

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-31861
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202209-955
value:	MEDIUM
Trust: 0.6

NVD:
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-31861
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-017250 // NVD: CVE-2022-31861 // CNNVD: CNNVD-202209-955

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-017250 // NVD: CVE-2022-31861

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-955

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202209-955

CONFIGURATIONS

sources: NVD: CVE-2022-31861

PATCH

title:

ThingsBoard IoT Platform Fixes for cross-site scripting vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=208145

Trust: 0.6

sources: CNNVD: CNNVD-202209-955

EXTERNAL IDS

db:	NVD	id:	CVE-2022-31861	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-017250	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-955	Trust: 0.6

sources: JVNDB: JVNDB-2022-017250 // NVD: CVE-2022-31861 // CNNVD: CNNVD-202209-955

REFERENCES

url:	https://securityblog101.blogspot.com/2022/09/cve-2022-31861.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31861	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-31861/	Trust: 0.6

sources: JVNDB: JVNDB-2022-017250 // NVD: CVE-2022-31861 // CNNVD: CNNVD-202209-955

SOURCES

db:	JVNDB	id:	JVNDB-2022-017250
db:	NVD	id:	CVE-2022-31861
db:	CNNVD	id:	CNNVD-202209-955

LAST UPDATE DATE

2023-12-18T11:55:39.131000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-017250	date:	2023-10-11T08:54:00
db:	NVD	id:	CVE-2022-31861	date:	2022-09-17T01:30:24.807
db:	CNNVD	id:	CNNVD-202209-955	date:	2022-09-19T00:00:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-017250	date:	2023-10-11T00:00:00
db:	NVD	id:	CVE-2022-31861	date:	2022-09-13T22:15:08.947
db:	CNNVD	id:	CNNVD-202209-955	date:	2022-09-13T00:00:00