CVE-2022-28795
Summary
| CVE | CVE-2022-28795 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-12 17:15:00 UTC |
| Updated | 2022-04-20 14:35:00 UTC |
| Description | A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avira | Password Manager | 2.18.4 | All | All | All |
| Application | Avira | Password Manager | 2.18.4.3847 | All | All | All |
| Application | Avira | Password Manager | 2.18.4.3847 | All | All | All |
| Application | Avira | Password Manager | 2.18.4.38471 | All | All | All |
| Application | Avira | Password Manager | 2.18.4.3868 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Norton Security Advisories | MISC | support.norton.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.