CVE-2022-31688

MEDIUM

VMware Workspace ONE Assist < 22.10 - Reflected Cross-Site Scripting

Title source: llm

Description

VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://www.vmware.com/security/advisories/VMSA-2022-0028.html

Scores

CVSS v3 6.1

EPSS 0.0048

EPSS Percentile 65.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

vmware/workspace_one_assist < 22.10

Published Nov 09, 2022

Tracked Since Feb 18, 2026