CVE-2022-39020 Information

Description

Multiple instances of XSS (stored and reflected) was found in the application. For example features such as student assessment submission file upload news ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://www.themissinglink.com.au/security-advisories/cve-2022-39020

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1