QwikSec

Security Database

CVE

CWE

Training

CVE-2022-35632

Published: Jul 29, 2022

Modified: Sep 16, 2024

PUBLISHED

Description

The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.

Vendor	Product	Versions
Rapid7	Velociraptor	affected `0.6.5-2 - < 0.6.5-2`

Weaknesses (CWE)

References

https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.