National Sleep Research Resource sleepdata.org cross-site scripting
Platform
other
Component
sleepdata.org
Fixed in
58.0.1
CVE-2022-4525 is a cross-site scripting (XSS) vulnerability affecting sleepdata.org versions 58.0 through 58.x. Successful exploitation could allow an attacker to inject malicious scripts into the application, potentially compromising user data or session integrity. The vulnerability is classified as problematic and impacts an unknown functionality within the platform. A fix is available in version 59.0.0.rc.
Impact and Attack Scenarios
An attacker could leverage this XSS vulnerability to execute arbitrary JavaScript code within the context of a user's browser session on sleepdata.org. This could lead to the theft of sensitive information, such as user credentials or personal data. Attackers could also redirect users to malicious websites, deface the application, or perform actions on behalf of the user without their knowledge. The impact is amplified if the application is used to manage or store sensitive research data, as a successful attack could compromise the integrity of that data.
Exploitation Context
This vulnerability was publicly disclosed on December 15, 2022. No known active exploitation campaigns have been reported at this time. The CVSS score is LOW (3.5), suggesting a relatively low probability of exploitation. No public proof-of-concept (PoC) code has been released, but the nature of XSS vulnerabilities makes it likely that a PoC will emerge if the vulnerability remains unpatched.
Who Is at Risk
Researchers and users relying on sleepdata.org for data management and analysis are at risk. Organizations using sleepdata.org in environments with sensitive data or critical research processes should prioritize patching to mitigate potential data breaches or service disruptions.
Attack Timeline
- Disclosure
Threat Intelligence
Exploit Status
EPSS
0.27% (percentile 50%)
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions required. Reliably exploitable.
- Privileges Required
- Low: any valid user account is sufficient.
- User Interaction
- Required: the victim must open a file, click a link, or visit a page.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- None: no impact on confidentiality.
- Integrity
- Low: the attacker can modify some data with limited impact.
- Availability
- None: no impact on availability.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2022-4525 is to upgrade sleepdata.org to version 59.0.0.rc or later, which includes the patch da44a3893b407087829b006d09339780919714cd. If immediate upgrading is not possible, consider implementing input validation and output encoding on all user-supplied data to prevent the injection of malicious scripts. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide an additional layer of protection. After upgrade, confirm the vulnerability is resolved by attempting to inject a simple script and verifying that it is not executed.
How to Fix
Upgrade to version 59.0.0 or later. This resolves the cross-site scripting vulnerability. Alternatively, apply patch da44a3893b407087829b006d09339780919714cd.
Frequently Asked Questions
What is CVE-2022-4525 — XSS in sleepdata.org?
CVE-2022-4525 is a cross-site scripting (XSS) vulnerability affecting sleepdata.org versions 58.0 through 58.x, allowing attackers to inject malicious scripts.
Am I affected by CVE-2022-4525 in sleepdata.org?
If you are using sleepdata.org versions 58.0 through 58.x, you are potentially affected by this vulnerability.
How do I fix CVE-2022-4525 in sleepdata.org?
Upgrade sleepdata.org to version 59.0.0.rc or later, which includes the patch da44a3893b407087829b006d09339780919714cd.
Is CVE-2022-4525 being actively exploited?
No active exploitation campaigns have been reported, but the vulnerability's nature makes it a potential target.
Where can I find the official sleepdata.org advisory for CVE-2022-4525?
Refer to the sleepdata.org documentation and release notes for details on the vulnerability and the fix.