CVE-2022-27237 — Cross-site Scripting in Static Test Software Suite

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 34.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NI Static Test Software Suite NI Flexlogger NI G WEB Development Software +2 more

Timeline

PublishedApr 21

Latest updateApr 22

Description

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶NVDni/static_test_software_suite< 1.2

▶NVDni/g_web_development_software2021

▶NVDni/labview2021

▶NVDni/flexlogger2021

▶NVDni/systemlink2020, 2022+1

Patches

Patch: www.ni.com ↗Patch: www.ni.com ↗

🔴Vulnerability Details

GHSA

GHSA-4qj7-6xgq-rgvw: There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products↗2022-04-22

▶