CVE-2022-27237
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.
Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en un componente de NI Web Server instalado con varios productos de NI. Dependiendo del producto(s) en uso, la guía de remediación incluye: instalar SystemLink versión 2021 R3 o posterior, instalar FlexLogger 2022 Q2 o posterior, instalar LabVIEW 2021 SP1, instalar G Web Development 2022 R1 o posterior, o instalar Static Test Software Suite versión 1.2 o posterior
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-18 CVE Reserved
- 2022-04-21 CVE Published
- 2023-11-12 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.html | 2022-05-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ni Search vendor "Ni" | Flexlogger Search vendor "Ni" for product "Flexlogger" | 2021 Search vendor "Ni" for product "Flexlogger" and version "2021" | r2 |
Affected
| ||||||
| Ni Search vendor "Ni" | Flexlogger Search vendor "Ni" for product "Flexlogger" | 2021 Search vendor "Ni" for product "Flexlogger" and version "2021" | r3 |
Affected
| ||||||
| Ni Search vendor "Ni" | Flexlogger Search vendor "Ni" for product "Flexlogger" | 2021 Search vendor "Ni" for product "Flexlogger" and version "2021" | r4 |
Affected
| ||||||
| Ni Search vendor "Ni" | G Web Development Software Search vendor "Ni" for product "G Web Development Software" | 2021 Search vendor "Ni" for product "G Web Development Software" and version "2021" | - |
Affected
| ||||||
| Ni Search vendor "Ni" | G Web Development Software Search vendor "Ni" for product "G Web Development Software" | 2021 Search vendor "Ni" for product "G Web Development Software" and version "2021" | community |
Affected
| ||||||
| Ni Search vendor "Ni" | Labview Search vendor "Ni" for product "Labview" | 2021 Search vendor "Ni" for product "Labview" and version "2021" | - |
Affected
| ||||||
| Ni Search vendor "Ni" | Labview Search vendor "Ni" for product "Labview" | 2021 Search vendor "Ni" for product "Labview" and version "2021" | community |
Affected
| ||||||
| Ni Search vendor "Ni" | Static Test Software Suite Search vendor "Ni" for product "Static Test Software Suite" | < 1.2 Search vendor "Ni" for product "Static Test Software Suite" and version " < 1.2" | - |
Affected
| ||||||
| Ni Search vendor "Ni" | Systemlink Search vendor "Ni" for product "Systemlink" | 2020 Search vendor "Ni" for product "Systemlink" and version "2020" | r4 |
Affected
| ||||||
| Ni Search vendor "Ni" | Systemlink Search vendor "Ni" for product "Systemlink" | 2022 Search vendor "Ni" for product "Systemlink" and version "2022" | r1 |
Affected
| ||||||
| Ni Search vendor "Ni" | Systemlink Search vendor "Ni" for product "Systemlink" | 2022 Search vendor "Ni" for product "Systemlink" and version "2022" | r2 |
Affected
| ||||||