How severe is CVE-2022-43543?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2022-43543?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2022-43543

MEDIUM Year: 2022

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-116

View all →

Vulnerability Description

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4

CVE-2019-10362

MEDIUM

CVSS:5.4(Medium)

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change...

CWE-1162019

CVE-2021-29854

MEDIUM

CVSS:5.4(Medium)

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remot...

CWE-1162021

CVE-2021-29872

MEDIUM

CVSS:5.4(Medium)

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a s...

CWE-1162021

CVE-2021-39170

MEDIUM

CVSS:5.4(Medium)

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this is...

CWE-1162021

CVE-2022-0450

MEDIUM

CVSS:5.4(Medium)

The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any a...

CWE-1162022

CVE-2022-30966

MEDIUM

CVSS:5.4(Medium)

Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (...

CWE-1162022

CVE-2022-43543

Vulnerability Description

Related Vulnerabilities

CVE-2019-10362

CVE-2021-29854

CVE-2021-29872

CVE-2021-39170

CVE-2022-0450

CVE-2022-30966