Flexlogger
CVE-2022-27237
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.
AnalysisAI
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later. Affected products include: Ni Flexlogger, Ni G Web Development Software, Ni Labview, Ni Static Test Software Suite, Ni Systemlink. Version information: version 2021.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Flexlogger
View allIncorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authentic
NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may r
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. Rated me
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today