CVE-2022-38162

CVE Database · CVE-2022-38162

CVE-2022-38162

· MEDIUMModified

CVSS v3.1

6.1

EPSS

0.67%

Published

Oct 25, 2022

Modified

May 7, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (2)

withsecure · f-secure_policy_managervulnerable

References (6)

https://withsecure.com

Vendor Advisory

https://www.withsecure.com/en/support/security-advisories

Vendor Advisory

https://www.withsecure.com/en/support/security-advisories/cve-2022-38162?_gl=1%2Adtq2t3%2A_up%2AMQ..%2A_ga%2AMTMxOTM1OTA2MC4xNjY2NzIxMjQ0%2A_ga_B5SG5Y2DHS%2AMTY2NjcyMTI0MS4xLjAuMTY2NjcyMTI0MS4wLjAuMA..

https://withsecure.com

Vendor Advisory

https://www.withsecure.com/en/support/security-advisories

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs