CVE-2022-40257

Summary

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.

Affected Software

VendorProductVersion RangeStatus
CERT/CCVINCE - The Vulnerability Information and Coordination Environment1.48.0 < 1.50.4affected

Weaknesses

  • CWE-74: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CVE Program Container

Additional References

References