CVE-2022-37952
Summary
| CVE | CVE-2022-37952 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-25 18:15:00 UTC |
| Updated | 2022-08-29 14:01:00 UTC |
| Description | A reflected cross-site scripting (XSS) vulnerability in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments, rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | GE | WorkstationST | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_Works... | CONFIRM | www.ge.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability.
There are currently no legacy QID mappings associated with this CVE.