MEDIUM🇬🇧 English

CVE-2022-44875

CVSS 5.4v3.1pub. 2023-03-06upd. 2025-03-06

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Kioware

    APP
    Kioware
    ≤ 8.33
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2024-3459HIGH8.4ten sam produkt

KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, whi...

CVE-2024-3460HIGH7.4ten sam produkt

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already ...

CVE-2023-34641HIGH7.8ten sam produkt

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog ...

CVE-2023-34642HIGH7.8ten sam produkt

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog ...

CVE-2024-3461MEDIUM6.2ten sam produkt

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the appli...

CVE-2022-44875 — MEDIUM 5.4 | CVEbaza.pl