Stored XSS in MITRE CALDERA 4.1.0 via app.contact.gist leading to arbitrary command execution on agents

CVE-2022-41139 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.
