Help Desk
CVE-2022-40322
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
SysAid Help Desk before 22.1.65 allows XSS, aka FR
66542 and 65579.
AnalysisAI
SysAid Help Desk before 22.1.65 allows XSS, aka FR
66542 and 65579. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. SysAid Help Desk before 22.1.65 allows XSS, aka FR
66542 and 65579. Affected products include: Sysaid Help Desk. Version information: before 22.1.65.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. Rated medium severity (CVSS 6.1), thi
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. Rated medium severity (CVSS 6.1), th
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. Rated medium severity (CVSS 6
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today