CVE-2022-35632
N/A
N/A
Summary
The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rapid7 | Velociraptor | 0.6.5-2 < 0.6.5-2 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.