Cyber Resilience

CVE-2022-4975

Severity: High
Published: 27 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: see the Red Hat advisory and Bugzilla references below
CVSS v3.1: 8.9 (High), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
EPSS: 0.0023 (45.6th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-4975 is a high-severity cross-site scripting (CWE-79) vulnerability in the Red Hat Advanced Cluster Security (RHACS) portal. Its CVSS v3.1 base score is 8.9 (High).

Operationally, exploitation maps to the MITRE ATT&CK techniques Browser Session Hijacking (T1185) and Steal Web Session Cookie (T1539). Its EPSS probability of 0.0023 places it at the 45.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2022-4975 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, in the Red Hat Advanced Cluster Security (RHACS) portal. The flaw occurs when rendering table views in the portal, such as on the /main/configmanagement/* endpoints, where the front-end generates a DOM table element with id="pdf-table" and populates it through innerHTML with unsanitized data. Because innerHTML parses its argument as HTML, any markup present in that data, including inline event handlers, is interpreted by the browser rather than displayed as text. An attacker with some control over the rendered data can therefore inject script that executes in the context of the victim user's browser session.

The vulnerability has a CVSS v3.1 base score of 8.9 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L): it is exploitable over the network (AV:N) with low attack complexity (AC:L) by an attacker holding low privileges (PR:L), but it requires user interaction (UI:R), since a victim must load the affected portal view. Scope is changed (S:C) because the vulnerable component, the portal front-end served by RHACS, differs from the component whose security is impacted, the user's browser session. A successful attack has high impact on confidentiality and integrity and low impact on availability, potentially allowing the attacker to steal session cookies or other sensitive data, or to perform unauthorized actions in the victim's session.

Mitigation details and patches are documented in the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2022-4975 and the related Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2071527. Security practitioners should consult these resources for update instructions and workarounds specific to RHACS deployments.


Vulnerability details

A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.

CWE(s)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1185 Browser Session Hijacking (tactic: Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

T1539 Steal Web Session Cookie (tactic: Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

XSS in the RHACS portal directly enables browser session hijacking and theft of web session cookies, because the injected script runs in the victim's browser context with access to the portal's DOM and, unless cookies are flagged HttpOnly, to document.cookie.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32277 (shared CWE-79)
CVE-2026-35035 (shared CWE-79)
CVE-2026-46367 (shared CWE-79)
CVE-2025-25102 (shared CWE-79)
CVE-2025-26918 (shared CWE-79)
CVE-2025-67923 (shared CWE-79)
CVE-2026-27655 (shared CWE-79)
CVE-2026-30919 (shared CWE-79)
CVE-2025-23883 (shared CWE-79)
CVE-2026-41904 (shared CWE-79)


Mitigating Controls (NIST 800-53 r5)

SI-15 Information Output Filtering (prevent): Directly prevents XSS by encoding or filtering untrusted data before it is rendered into the DOM table element via innerHTML, so that markup in the data is displayed as text rather than interpreted.

SI-10 Information Input Validation (prevent): Validates attacker-influenceable data accepted by the RHACS portal endpoints before it is stored or rendered, rejecting content that carries script.

Prevent: Enforces restrictions on data inputs to the configmanagement endpoints, rejecting invalid or malicious content that could trigger XSS.
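The following is an added example illustrating both the innerHTML sink described under Deeper analysis and the output-filtering and input-validation controls listed above. It is not RHACS code and not Red Hat's fix: the row shape, the sample rows, the payload and all function names are constructed for illustration. It contrasts building table markup by string concatenation (what innerHTML then parses) with output encoding (SI-15) and with DOM-API construction via textContent, and shows why a deny-list on input, a weak form of SI-10, does not stop an event-handler payload.

```javascript
// Added example, not RHACS project code. Constructed rows stand in for the data a
// portal table view might render; the second row's name is attacker-controlled.
const SAMPLE_ROWS = [
  { name: 'app-config', namespace: 'prod', keys: 3 },
  { name: '<img src=x onerror=alert(document.cookie)>', namespace: 'prod', keys: 1 },
];

// VULNERABLE pattern: build markup by concatenation and hand it to innerHTML.
// Every value is interpolated as HTML, so a value containing markup becomes markup.
function renderTableUnsafe(rows) {
  let html = '<table id="pdf-table"><tr><th>Name</th><th>Namespace</th><th>Keys</th></tr>';
  for (const r of rows) {
    html += `<tr><td>${r.name}</td><td>${r.namespace}</td><td>${r.keys}</td></tr>`;
  }
  return html + '</table>';
}

// Output encoding (SI-15): neutralize the five characters that can open a tag,
// close a tag or break out of a quoted attribute in HTML text/attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// HARDENED string renderer: same structure, every untrusted value encoded.
function renderTableSafe(rows) {
  let html = '<table id="pdf-table"><tr><th>Name</th><th>Namespace</th><th>Keys</th></tr>';
  for (const r of rows) {
    html += `<tr><td>${escapeHtml(r.name)}</td><td>${escapeHtml(r.namespace)}</td>` +
            `<td>${escapeHtml(r.keys)}</td></tr>`;
  }
  return html + '</table>';
}

// Preferred in-browser fix: do not build markup from data at all. Create elements
// with the DOM API and assign data via textContent, which is never parsed as HTML.
// Needs a real DOM (pass window.document), so it is not exercised outside a browser.
function populateTableSafe(doc, tableEl, rows) {
  for (const r of rows) {
    const tr = doc.createElement('tr');
    for (const v of [r.name, r.namespace, r.keys]) {
      const td = doc.createElement('td');
      td.textContent = String(v);
      tr.appendChild(td);
    }
    tableEl.appendChild(tr);
  }
}

// A naive input deny-list that only rejects "<script". It looks like input
// validation (SI-10) but is bypassed by any payload that uses an event handler.
function passesNaiveDenyList(value) {
  return !/<script/i.test(String(value));
}

// Crude detector for markup that survived into the rendered HTML: an unescaped
// tag start whose attributes include an inline event handler (on...=).
function containsActiveMarkup(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Compare the three approaches on the constructed rows.
function demo() {
  const denyListOnly = SAMPLE_ROWS.filter(r => passesNaiveDenyList(r.name));
  return {
    unsafeHasPayload: containsActiveMarkup(renderTableUnsafe(SAMPLE_ROWS)),
    safeHasPayload: containsActiveMarkup(renderTableSafe(SAMPLE_ROWS)),
    denyListLetsPayloadThrough: containsActiveMarkup(renderTableUnsafe(denyListOnly)),
  };
}

console.log(JSON.stringify(demo()));
```

The encoded output still contains the attacker's string, but as `&lt;img ...&gt;`, which the browser displays literally. Output encoding at the sink is the control that holds regardless of where the data came from; input validation is worth having, but a deny-list on input cannot enumerate every way to express script, so it must not be the only control.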
