CVE-2022-22944

Summary

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.

Affected Software

VendorProductVersion RangeStatus
n/aVMware Workspace ONE BoxerVMware Workspace ONE Boxer for iOS prior to 22.02affected

Weaknesses

  • Stored cross-site scripting (XSS) vulnerability

ADP Enrichment

CVE Program Container

Additional References

References