CVE-2022-38162
Description
Reflected cross-site scripting (XSS) vulnerabilities in WithSecure (through 2022-08-10) exist within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide malicious input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in F-Secure Policy Manager allows remote attackers to inject malicious script via unvalidated parameter.
Vulnerability
A reflected cross-site scripting (XSS) vulnerability exists in F-Secure Policy Manager through 2022-08-10. The vulnerability is due to an unvalidated parameter in an endpoint, allowing remote attackers to provide malicious input that is reflected back to the user. [3]
Exploitation
An attacker can exploit this vulnerability by crafting a request with malicious JavaScript in the unvalidated parameter and tricking a user into clicking a link or visiting a crafted URL. No known exploit has been seen in the wild. [3]
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's browser, potentially leading to information disclosure, session hijacking, or other client-side attacks. [3]
Mitigation
The vendor has released Hotfix 3 to address this vulnerability. Administrators of the affected system should download and deploy the hotfix from the WithSecure support site. [3]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WithSecure/Policy Manager
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.