
CVE-2023-42222

Published: 28/09/2023 Updated: 02/02/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

WebCatalog prior to 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
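The missing check described above, sketched as an added example (not WebCatalog's code or its actual fix): a scheme allowlist placed in front of shell.openExternal. The helper names toSafeExternalUrl and openExternalSafely are hypothetical, the sample URLs are constructed, and the Electron shell object is passed in as a parameter so the check can run without Electron.

```javascript
// Added example: only http(s) URLs may reach Electron's shell.openExternal.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalized URL if it may be handed to the OS, otherwise null.
function toSafeExternalUrl(raw) {
  if (typeof raw !== 'string') return null;
  let parsed;
  try {
    // WHATWG URL parsing lowercases the scheme and trims surrounding
    // whitespace, so "HTTPS://" and " https://" compare correctly below.
    parsed = new URL(raw);
  } catch {
    return null; // relative or malformed input: no scheme that can be trusted
  }
  // Compare the parsed scheme; a string prefix test such as
  // raw.startsWith('http') would also accept "httpx-handler://...".
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return null;
  return parsed.href;
}

// Hypothetical wrapper: `shell` is Electron's shell module (assumed, injected).
// Resolves to true if the URL was opened, false if it was refused.
async function openExternalSafely(shell, raw) {
  const safe = toSafeExternalUrl(raw);
  if (safe === null) return false; // refuse file:, custom handlers, etc.
  await shell.openExternal(safe);
  return true;
}

// Constructed sample inputs, such as links arriving in synced content.
const SAMPLES = [
  'https://example.com/docs',
  'HTTPS://Example.COM/a',
  'file:///tmp/constructed-example',
  'myapp://constructed-handler',
  'httpx-handler://constructed',
  '/relative/path',
];

// Pairs each sample with the decision the allowlist makes for it.
function classify(samples) {
  return samples.map((u) => [u, toSafeExternalUrl(u) !== null]);
}
```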

Vulnerable Product

webcatalog webcatalog

Exploits

WebCatalog versions prior to 488 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victim's machine by having users sync pages with malicious URLs. The victim has to interact with the link ...

Github Repositories

CVE-2023-42222: Vulnerability summary: WebCatalog before version 4840 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. This vulnerability allows an attacker to execute code on the victim's machine by sending messages containing links with arbitrary protocols. The victim has to interact with the