CVE-2022-32763
15.12.2022, 10:15
A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| lansweeper | lansweeper | 10.1.1.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-184 - Incomplete List of Disallowed InputsThe product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.