Key Vulnerability Information

CVE ID: CVE-2026-22587
Publish Date: 2026-01-08
Update Date: 2026-01-08
Title: Ideagen DevonWay Reports page stored XSS

Description
Ideagen DevonWay contains a stored cross-site scripting (XSS) vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fixed in version 2.62.4 and 2.62 LTS.

CWE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS
Score: 5.5, Severity: MEDIUM (Version 3.1) - Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Score: 4.8, Severity: MEDIUM (Version 4.0) - Vector String: [complex CVSS 4.0 vector string]

Product Status
Vendor: Ideagen
Product: DevonWay
Affected Versions: 0 before 2.62.4

Credits
Fernando Martinez, Trevor La Pay, George Thompson, Natalie Runyan, Sandia National Laboratories

References
Raw GitHub Content
CVE.org