CVE-2022-45472: n/a in n/a
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.
AI Analysis
Technical Summary
CVE-2022-45472 is a medium-severity DOM-based Cross-Site Scripting (XSS) vulnerability identified in CAE LearningSpace Enterprise with the Intuity License, specifically in image 267r patch 639. The vulnerability arises due to improper handling of user input in client-side scripts related to the 'ontouchmove' and 'onpointerup' event handlers. These event handlers are typically used to detect touch and pointer interactions in web applications. The flaw allows an attacker to inject malicious scripts into the Document Object Model (DOM) without proper sanitization or encoding, leading to execution of arbitrary JavaScript code in the context of the victim's browser. The CVSS 3.1 base score is 5.4, reflecting a medium severity level, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), user interaction required (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). This vulnerability falls under CWE-79, which covers Cross-Site Scripting issues. Exploitation requires the victim to interact with a crafted web page or link, enabling the attacker to potentially steal sensitive information, hijack user sessions, or perform actions on behalf of the user within the affected application. No known exploits are currently reported in the wild, and no official patches or vendor advisories are publicly available at this time. The vulnerability affects a specialized enterprise learning management system, which may be deployed in educational or corporate training environments.
Potential Impact
For European organizations using CAE LearningSpace Enterprise with the Intuity License, this DOM XSS vulnerability poses risks primarily to confidentiality and integrity of user data. Attackers exploiting this flaw could execute malicious scripts in the context of authenticated users, potentially leading to session hijacking, credential theft, or unauthorized actions within the learning platform. This could result in exposure of sensitive training materials, personal information of employees or students, and disruption of training workflows. Given the scope change indicated in the CVSS vector, the vulnerability could allow attackers to escalate their privileges or affect other components within the same domain. The impact is heightened in sectors where training platforms contain regulated or sensitive data, such as government agencies, defense contractors, or critical infrastructure operators in Europe. However, the requirement for user interaction and low privileges limits the ease of exploitation. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often target educational and enterprise platforms to gain footholds or conduct espionage. Organizations relying heavily on this platform for compliance training or certification may face operational and reputational damage if exploited.
Mitigation Recommendations
To mitigate CVE-2022-45472, European organizations should implement the following specific actions beyond generic XSS prevention: 1) Conduct an immediate audit of all instances of CAE LearningSpace Enterprise with Intuity License to identify affected versions (image 267r patch 639) and isolate vulnerable deployments. 2) Apply any available vendor patches or updates as soon as they are released; if no official patch exists, consider disabling or restricting the use of features relying on 'ontouchmove' and 'onpointerup' event handlers until remediation is available. 3) Implement Content Security Policy (CSP) headers with strict script-src directives to limit execution of unauthorized scripts and reduce the impact of DOM XSS. 4) Employ web application firewalls (WAF) with custom rules to detect and block suspicious payloads targeting touch and pointer event handlers. 5) Educate users about the risks of clicking untrusted links or interacting with suspicious content within the learning platform. 6) Monitor application logs and user activity for anomalies indicative of XSS exploitation attempts. 7) Where feasible, conduct penetration testing focused on client-side event handlers and DOM manipulation to identify and remediate similar vulnerabilities proactively. 8) Consider isolating the learning platform within segmented network zones to limit lateral movement if compromise occurs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
CVE-2022-45472: n/a in n/a
Description
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.
AI-Powered Analysis
Technical Analysis
CVE-2022-45472 is a medium-severity DOM-based Cross-Site Scripting (XSS) vulnerability identified in CAE LearningSpace Enterprise with the Intuity License, specifically in image 267r patch 639. The vulnerability arises due to improper handling of user input in client-side scripts related to the 'ontouchmove' and 'onpointerup' event handlers. These event handlers are typically used to detect touch and pointer interactions in web applications. The flaw allows an attacker to inject malicious scripts into the Document Object Model (DOM) without proper sanitization or encoding, leading to execution of arbitrary JavaScript code in the context of the victim's browser. The CVSS 3.1 base score is 5.4, reflecting a medium severity level, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), user interaction required (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). This vulnerability falls under CWE-79, which covers Cross-Site Scripting issues. Exploitation requires the victim to interact with a crafted web page or link, enabling the attacker to potentially steal sensitive information, hijack user sessions, or perform actions on behalf of the user within the affected application. No known exploits are currently reported in the wild, and no official patches or vendor advisories are publicly available at this time. The vulnerability affects a specialized enterprise learning management system, which may be deployed in educational or corporate training environments.
Potential Impact
For European organizations using CAE LearningSpace Enterprise with the Intuity License, this DOM XSS vulnerability poses risks primarily to confidentiality and integrity of user data. Attackers exploiting this flaw could execute malicious scripts in the context of authenticated users, potentially leading to session hijacking, credential theft, or unauthorized actions within the learning platform. This could result in exposure of sensitive training materials, personal information of employees or students, and disruption of training workflows. Given the scope change indicated in the CVSS vector, the vulnerability could allow attackers to escalate their privileges or affect other components within the same domain. The impact is heightened in sectors where training platforms contain regulated or sensitive data, such as government agencies, defense contractors, or critical infrastructure operators in Europe. However, the requirement for user interaction and low privileges limits the ease of exploitation. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often target educational and enterprise platforms to gain footholds or conduct espionage. Organizations relying heavily on this platform for compliance training or certification may face operational and reputational damage if exploited.
Mitigation Recommendations
To mitigate CVE-2022-45472, European organizations should implement the following specific actions beyond generic XSS prevention: 1) Conduct an immediate audit of all instances of CAE LearningSpace Enterprise with Intuity License to identify affected versions (image 267r patch 639) and isolate vulnerable deployments. 2) Apply any available vendor patches or updates as soon as they are released; if no official patch exists, consider disabling or restricting the use of features relying on 'ontouchmove' and 'onpointerup' event handlers until remediation is available. 3) Implement Content Security Policy (CSP) headers with strict script-src directives to limit execution of unauthorized scripts and reduce the impact of DOM XSS. 4) Employ web application firewalls (WAF) with custom rules to detect and block suspicious payloads targeting touch and pointer event handlers. 5) Educate users about the risks of clicking untrusted links or interacting with suspicious content within the learning platform. 6) Monitor application logs and user activity for anomalies indicative of XSS exploitation attempts. 7) Where feasible, conduct penetration testing focused on client-side event handlers and DOM manipulation to identify and remediate similar vulnerabilities proactively. 8) Consider isolating the learning platform within segmented network zones to limit lateral movement if compromise occurs.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-11-18T00:00:00.000Z
- Cisa Enriched
- true
Threat ID: 682d983ec4522896dcbeff33
Added to database: 5/21/2025, 9:09:18 AM
Last enriched: 6/24/2025, 3:19:46 PM
Last updated: 7/30/2025, 3:14:39 AM
Views: 10
Related Threats
CVE-2025-9060: CWE-20 Improper Input Validation in MSoft MFlash
CriticalCVE-2025-8675: CWE-918 Server-Side Request Forgery (SSRF) in Drupal AI SEO Link Advisor
MediumCVE-2025-8362: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal GoogleTag Manager
MediumCVE-2025-8361: CWE-962 Missing Authorization in Drupal Config Pages
HighCVE-2025-8092: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent Management
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.