GitHub - Ozozuz/Qlik-View-Stored-XSS

Vulnerability

Stored Cross-Site Scripting

Affected Products and Versions

Qlik View <= 12.60 (Including SR)

CVEID:

CVE-2022-42248.

CVSSv3.1 Score

7.6 (High)

CVSSv3.1 Attack Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Short Description

In QlikView Ajax Client it was possibile to bypass the limitation on the allowed protocols when creating an interactive object via a specially crafted HTTP POST request, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload.

Remediation

Update QlikView to 12.70 SR2 or above

Discoverer

Giulio Garzia

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42248 https://nvd.nist.gov/vuln/detail/CVE-2022-42248 https://community.qlik.com/t5/Release-Notes/QlikView-Release-Notes-May-2022-SR2/ta-p/2037704 (Issue ID: QV-23876)

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Repository files navigation

Vulnerability

Affected Products and Versions

CVEID:

CVSSv3.1 Score

CVSSv3.1 Attack Vector

Short Description

Remediation

Discoverer

Reference

About

Releases

Packages

Ozozuz/Qlik-View-Stored-XSS

Folders and files

Latest commit

History

README.md

README.md

Repository files navigation

Vulnerability

Affected Products and Versions

CVEID:

CVSSv3.1 Score

CVSSv3.1 Attack Vector

Short Description

Remediation

Discoverer

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages