DOM XSS vulnerability in EqualWeb Accessibility Widget versions 2.0.0 to 2.0.4, 2.1.10, 3.0.0 to 3.0.2, and 4.0.0 to 4.0.1

CVE-2022-42960 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.
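The advisory does not publish the affected handler, so the following is an added, generic illustration of the validation a `message` event listener needs before its data reaches the DOM. It is not EqualWeb's code; the trusted origin, the message schema (`type`/`text`), and the element id are assumptions made for the example.

```javascript
// Added example: hardened handling of window "message" events.
// Not EqualWeb code. TRUSTED_ORIGINS, the message schema and the
// element id below are hypothetical values chosen for illustration.
const TRUSTED_ORIGINS = new Set(["https://widget.example.com"]);

// Return a sanitized copy of the message, or null if it must be ignored.
function validateMessage(event) {
  if (!event || typeof event.origin !== "string") return null;
  // Exact-match allow-list: substring or prefix checks on origin are bypassable.
  if (!TRUSTED_ORIGINS.has(event.origin)) return null;
  const data = event.data;
  if (data === null || typeof data !== "object" || Array.isArray(data)) return null;
  // Accept only known message types with the expected field types and size.
  if (data.type !== "set-label") return null;
  if (typeof data.text !== "string" || data.text.length > 200) return null;
  return { type: data.type, text: data.text };
}

// Apply a validated message through a text-only sink.
// textContent never parses markup, unlike innerHTML or document.write.
function applyMessage(event, element) {
  const msg = validateMessage(event);
  if (msg === null) return false;
  element.textContent = msg.text;
  return true;
}

// Browser wiring; skipped when run outside a browser (for example under Node).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  window.addEventListener("message", (e) => {
    const el = document.getElementById("widget-label"); // hypothetical id
    if (el) applyMessage(e, el);
  });
}
```

Any window that holds a reference to the page can call `postMessage` on it, so the origin check and the text-only sink are both needed: the first limits who can send, the second limits what accepted data can do.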
