
    2 vulnerabilities found for rustici_software_scorm_engine by ltgplc

    CVE-2022-2035 (GCVE-0-2022-2035)

    Vulnerability from nvd – Published: 2022-06-09 14:23 – Updated: 2024-08-03 00:24
    Summary
    A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter of the /defaultui/player/modern.html file in SCORM Engine versions before 20.1.45.914 and 21.1.x versions before 21.1.7.219. The issue exists because no restrictions are placed on the domain or format of the URL supplied by the user, allowing an attacker to craft malicious URLs that trigger a reflected XSS payload in the context of a victim's browser.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Rustici Software SCORM Engine Affected: < 20.1.45.914, 21.1.x < 21.1.7.219

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2022-21"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rustici Software SCORM Engine",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 20.1.45.914, 21.1.x \u003c 21.1.7.219"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions \u003c 20.1.45.914, 21.1.x \u003c 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim\u0027s browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-09T14:23:25.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/research/tra-2022-21"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "ID": "CVE-2022-2035",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rustici Software SCORM Engine",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 20.1.45.914, 21.1.x \u003c 21.1.7.219"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions \u003c 20.1.45.914, 21.1.x \u003c 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim\u0027s browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/research/tra-2022-21",
                  "refsource": "MISC",
                  "url": "https://www.tenable.com/security/research/tra-2022-21"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2022-2035",
        "datePublished": "2022-06-09T14:23:25.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:24:44.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2035 (GCVE-0-2022-2035)

    Vulnerability from cvelistv5 – Published: 2022-06-09 14:23 – Updated: 2024-08-03 00:24
    Summary
    A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter of the /defaultui/player/modern.html file in SCORM Engine versions before 20.1.45.914 and 21.1.x versions before 21.1.7.219. The issue exists because no restrictions are placed on the domain or format of the URL supplied by the user, allowing an attacker to craft malicious URLs that trigger a reflected XSS payload in the context of a victim's browser.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Rustici Software SCORM Engine Affected: < 20.1.45.914, 21.1.x < 21.1.7.219

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2022-21"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rustici Software SCORM Engine",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 20.1.45.914, 21.1.x \u003c 21.1.7.219"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions \u003c 20.1.45.914, 21.1.x \u003c 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim\u0027s browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-09T14:23:25.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/research/tra-2022-21"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "ID": "CVE-2022-2035",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rustici Software SCORM Engine",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 20.1.45.914, 21.1.x \u003c 21.1.7.219"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions \u003c 20.1.45.914, 21.1.x \u003c 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim\u0027s browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/research/tra-2022-21",
                  "refsource": "MISC",
                  "url": "https://www.tenable.com/security/research/tra-2022-21"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2022-2035",
        "datePublished": "2022-06-09T14:23:25.000Z",
        "dateReserved": "2022-06-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:24:44.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }