{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T03:03:37.809","vulnerabilities":[{"cve":{"id":"CVE-2022-40739","sourceIdentifier":"twcert@cert.org.tw","published":"2022-10-31T07:15:10.637","lastModified":"2026-06-17T05:01:57.470","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack."},{"lang":"es","value":"La página de generación de informes Ragic no tiene filtrado suficiente para caracteres especiales. Un atacante remoto con privilegios de usuario general puede inyectar JavaScript para realizar un ataque XSS (Reflected Cross-Site Scripting)."}],"affected":[{"source":"twcert@cert.org.tw","affectedData":[{"vendor":"Ragic, Inc.","product":"Ragic","versions":[{"version":"unspecified","lessThanOrEqual":"2022/06/28","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-05-06T19:27:08.458857Z","id":"CVE-2022-40739","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ragic:ragic:*:*:*:*:*:*:*:*","versionEndIncluding":"2022-06-28","matchCriteriaId":"292DCC66-7117-46B3-9132-0C984D3DF357"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-6645-77bf8-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-6645-77bf8-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}