Vulnerability Details CVE-2022-2035
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the URL supplied by the user, allowing an attacker to craft malicious URLs which can trigger a reflected XSS payload in the context of a victim's browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2022-2035
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.1
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.10.206
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.11.284
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.12.336
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.13.375
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.14.415
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.15.441
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.16.465
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.17.530
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.18.561
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.19.564
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.2.21
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.20.576
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.21.607
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.22.619
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.23.635
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.24.654
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.25.671
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.26.679
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.27.690
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.28.724
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.29.750
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.3.78
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.30.754
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.31.768
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.32.770
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.33.795
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.34.814
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.35.820
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.36.829
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.37.850
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.38.876
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.39.878
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.4.87
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.41.886
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.42.898
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.43.910
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.44.912
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.5.89
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.6.108
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.7.120
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.8.164
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:20.1.9.169
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:21.1.1
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:21.1.2.79
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:21.1.3.94
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:21.1.4.148
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:21.1.5.164
- cpe:2.3:a:ltgplc:rustici_software_scorm_engine:21.1.6.177