CVE-2022-23397
published 2022-03-04

CVE-2022-23397: The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL…

Priority: P277, medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.91% (55.6th percentile)

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction."

Affected

4 ranges

Vendor | Product | Version range | Fixed in
cedargate | ez-net_portal | |
cedargate | ez-net_portal | |
cedargate | ez-net_portal | |
cedargate | ez-net_portal | |

Detection & IOCs (extracted from sources)

path: /EZ-NET60/
  • CVE-2022-23397 is a Reflected XSS triggered via a URL parameter in the portal's message-display function; monitor and alert on requests to EZ-NET endpoints containing unsanitized script payloads in URL parameters.
  • Vendor disputes the CVE, stating the referenced ado.im report has no clear steps of reproduction; validate exploitability in your environment before treating as confirmed.
  • Affected versions are Cedar Gate EZ-NET portal 6.5.5 and 6.8.0; scope detection to those specific versions.

CVSS provenance

nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck | | 6.1 | MEDIUM |