{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-40257","assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","datePublished":"2022-10-10T00:00:00.000Z","dateUpdated":"2024-08-03T12:14:39.964Z","dateReserved":"2022-09-08T00:00:00.000Z"},"containers":{"cna":{"title":"An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4","datePublic":"2022-10-10T00:00:00.000Z","providerMetadata":{"orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc","dateUpdated":"2022-11-01T21:37:41.256Z"},"descriptions":[{"lang":"en","value":"An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field."}],"affected":[{"vendor":"CERT/CC","product":"VINCE - The Vulnerability Information and Coordination Environment","versions":[{"version":"1.48.0","status":"affected","lessThan":"1.50.4","versionType":"custom"}]}],"references":[{"url":"https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity"}],"credits":[{"lang":"en","value":"Rapid7 researcher Nick Sanzotta discovered and reported this security vulnerability to CERT/CC"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","cweId":"CWE-74"}]}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"cveClient/1.0.13"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T12:14:39.964Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity","tags":["x_transferred"]}]}]}}