CVE-2022-26888

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.1MEDIUM

EPSS

0.4%

top 38.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Quartus Prime

Timeline

PublishedFeb 16

Description

Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 1.3 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5intel(r)_quartus_prime_pro_and_standard_edition_softwareSee references

▶NVDintel/quartus_prime< 22.1+1

🔴Vulnerability Details

CVEList

CVE-2022-26888: Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information↗2023-02-16

▶

GHSA

GHSA-x75m-fc3j-ppfm: Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information↗2023-02-16

▶