A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub's Help Documentation to supply content. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information.
Published 2022-05-10 20:15:10
Updated 2022-05-18 16:38:18
Source Synopsys
View at NVD,   CVE.org
Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2022-30278

0.14%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-30278

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.3
MEDIUM AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
NIST
6.1
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2.8
2.7
NIST

CWE ids for CVE-2022-30278

References for CVE-2022-30278

Products affected by CVE-2022-30278

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!