CVE-2022-45472
Description
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
DOM-based XSS in CAE LearningSpace Enterprise image 267r patch 639 allows attackers to execute arbitrary JavaScript via ontouchmove and onpointerup events.
Vulnerability
A DOM-based cross-site scripting (XSS) vulnerability exists in CAE LearningSpace Enterprise with Intuity License, image version 267r, patch level 639. The vulnerability is triggered via the ontouchmove and onpointerup JavaScript event handlers, as identified in [1]. An attacker can inject malicious JavaScript that modifies the Document Object Model (DOM) of the application, leading to client-side code execution.
Exploitation
An attacker can exploit this vulnerability by supplying a crafted payload as input to the application, such as via a URL parameter or form field, which is then reflected in the DOM without proper sanitization. The payload is executed when the victim's browser processes the DOM, specifically through the ontouchmove or onpointerup events. The reference [1] describes using manual Burp requests and the Dalfox XSS scanner to identify vulnerable parameters.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to theft of sensitive data, session hijacking, or further client-side attacks. The reference [1] demonstrates the execution of a simple alert() call and the manipulation of the value HTML attribute.
Mitigation
No official patch or fixed version is listed in the available references [1] at the time of publication. As a general mitigation, developers should sanitize all untrusted data and avoid using user input directly in DOM manipulation, especially in event handler attributes like ontouchmove and onpointerup.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
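The general mitigation above, shown as an added example that is not part of the CVE record or of CAE's code: the page does not show the vulnerable markup, so the rendering functions below assume a text field whose value attribute is built by string concatenation. The function names and the sample input are hypothetical; the check lists any inline event-handler attributes that end up in the rendered tag.

```javascript
'use strict';
// Added example. The rendering functions model an ASSUMED pattern; they are
// not CAE LearningSpace code, which the page does not show.

const ATTR_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode untrusted text for use inside a quoted HTML attribute value.
function escapeAttr(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => ATTR_ESCAPES[ch]);
}

// Weak form (assumed): input concatenated straight into the value attribute.
function renderInputUnsafe(userValue) {
  return '<input type="text" name="q" value="' + userValue + '">';
}

// Hardened form: same markup, input encoded for the attribute context.
function renderInputSafe(userValue) {
  return '<input type="text" name="q" value="' + escapeAttr(userValue) + '">';
}

// Regression check: names of inline event-handler attributes (on*) found in
// a single start tag. Handles quoted, unquoted and valueless attributes.
function inlineHandlers(tagMarkup) {
  const attrRe = /\s([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const found = [];
  let m;
  while ((m = attrRe.exec(tagMarkup)) !== null) {
    const name = m[1].toLowerCase();
    if (name.startsWith('on')) found.push(name);
  }
  return found;
}

// Constructed test input: closes the value attribute, then adds handlers.
const SAMPLE = 'x" onpointerup="alert(1)" ontouchmove="alert(1)';

console.log(inlineHandlers(renderInputUnsafe(SAMPLE)));
console.log(inlineHandlers(renderInputSafe(SAMPLE)));
```

In browser code, assigning untrusted text through the element's `value` property instead of building markup avoids the attribute context altogether.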
Affected products
- CAE/LearningSpace Enterprise
- Range: = 267r patch 639
Patches
No patches discovered yet.
References