CVE-2022-29887

HIGH

Intel Manageability Commander < 2.3 - Unauthenticated Cross-Site Scripting

Title source: llm

Description

Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

References (1)

Core 1

Core References

Vendor Advisory

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html

Scores

CVSS v3 8.1

EPSS 0.0064

EPSS Percentile 70.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

intel/manageability_commander < 2.3

Published Aug 11, 2023

Tracked Since Feb 18, 2026