CVE-2022-21145
published 2022-04-14

Priority: P3 (36), severity medium, CVSS 3.1 base score 4.8
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 77.16% (99.5th percentile)

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability.

Affected

1 range

Vendor      | Product     | Version range | Fixed in
lansweeper  | lansweeper  |               |

Detection & IOCs (extracted from sources)

path: WebUserActions.aspx
snort: SID 58884 - 58894
  • Monitor for specially crafted HTTP requests targeting WebUserActions.aspx that contain JavaScript payload injection attempts (stored XSS).
  • Exploitation of CVE-2022-21145 (TALOS-2022-1442) is detectable via Snort SIDs 58884–58894; ensure Cisco Secure Firewall / Snort ruleset is current.
  • Exploitation requires the attacker to be authenticated with proper permissions on the Lansweeper instance.
  • Only Lansweeper version 9.1.20.2 is confirmed vulnerable; version 9.2.0 contains the fix.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd    | v3.1    | 4.8   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd    | v3.0    | 9.1   | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd    | v2.0    | 3.5   | LOW      | AV:N/AC:M/Au:S/C:N/I:P/A:N