CVE-2022-1414

HIGH

3scale API Management 2 - Authenticated Cross-Site Scripting via Inadequate Input Sanitization

Title source: llm
STIX 2.1

Description

3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0076
EPSS Percentile 51.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-1173 CWE-20
Status published
Products (1)
redhat/3scale_api_management 2.0
Published Oct 19, 2022
Tracked Since Feb 18, 2026