How severe is CVE-2022-23008?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2022-23008?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2022-23008 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2017-1242

MEDIUM

CVSS:5.4(Medium)

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web bro...

CWE-942017

CVE-2017-1329

MEDIUM

CVSS:5.4(Medium)

CWE-942017

CVE-2017-1753

MEDIUM

CVSS:5.4(Medium)

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securit...

CWE-942017

CVE-2017-6782

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The v...

CWE-942017

CVE-2021-32809

MEDIUM

CVSS:5.4(Medium)

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. Th...

CWE-942021

CVE-2023-0792

MEDIUM

CVSS:5.4(Medium)

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CWE-942023