CVE-2022-22114

9.6 CRITICAL

📋 TL;DR

This is a reflected cross-site scripting (XSS) vulnerability in the Teedy document management system that allows unauthenticated attackers to inject malicious scripts via the search functionality. When victims (including administrators) click crafted URLs, their session IDs can be stolen, leading to full account takeover. Versions v1.5 through v1.9 are affected.

💻 Affected Systems

Products:
  • Teedy (formerly Sismics Docs)
Versions: v1.5 through v1.9
Operating Systems: All platforms running Teedy
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with search functionality enabled are vulnerable; no special configuration required

⚠️ Risk & Real-World Impact

🔴 Worst Case: Administrator account takeover leading to complete system compromise, data theft, and potential ransomware deployment
🟠 Likely Case: Session hijacking of regular users leading to unauthorized document access and privilege escalation
🟢 If Mitigated: Limited impact with proper input validation and output encoding in place

🌐 Internet-Facing: HIGH - Attackers can craft malicious URLs and send them to victims without authentication
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or through phishing campaigns

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple reflected XSS requiring victim interaction; exploit code is publicly available in commit references

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.10 and later

Vendor Advisory: https://github.com/sismics/docs/commit/4951229576d6892dc58ab8c572e73639ca82d80c

Restart Required: Yes

Instructions:

  1. Back up your Teedy instance and database.
  2. Download and install Teedy v1.10 or later from the official repository.
  3. Restart the Teedy service.
  4. Verify the fix by testing search functionality with XSS payloads.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Deploy WAF rules to block XSS patterns in search parameters

# Example ModSecurity rule
SecRule ARGS:q "@rx <script>" "id:1001,phase:2,deny,msg:'XSS attempt in search parameter'"

Input Validation Proxy

linux

Deploy reverse proxy to sanitize search parameters before reaching Teedy

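# nginx location block with parameter filtering
location /search {
    proxy_pass http://teedy-backend;
    # $arg_q is the raw, still percent-encoded value, so match the encoded
    # forms of < and > (%3C, %3E) as well as the literal characters
    set $q $arg_q;
    if ($q ~* "[<>]|%3c|%3e") { return 403; }
}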

🧯 If You Can't Patch

  • Disable search functionality entirely if not critical for operations
  • Implement Content Security Policy (CSP) headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Test search functionality with payload: <script>alert('XSS')</script> or <img src=x onerror=alert(1)>

Check Version:

Check Teedy web interface footer or admin panel for version number

Verify Fix Applied:

After patching, test the same XSS payloads; they should be properly encoded or blocked

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with script tags in query parameters
  • Search queries containing HTML/JavaScript special characters
  • Multiple failed search attempts with malicious patterns

Network Indicators:

  • URLs with encoded script payloads in search parameters
  • Requests to search endpoint with suspicious parameter lengths

SIEM Query:

source="teedy_access.log" AND (uri="*search*" AND (query="*<script>*" OR query="*javascript:*" OR query="*onerror=*"))
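
Added example (not part of the original advisory and not Teedy project code): access logs record the request URL in percent-encoded form, so a literal match on <script> misses encoded and double-encoded probes. The sketch below decodes the search parameter before matching; the combined log format, the /search path, the parameter name q (taken from the WAF and nginx snippets above) and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Assumption: combined-log-format lines; search term carried in parameter "q".
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic: markup characters, javascript: URIs, inline event handlers.
SUSPICIOUS_RE = re.compile(r'[<>]|javascript:|\bon[a-z]+\s*=', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "GET /search?q=invoice+2021 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2022:10:00:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 498',
    '203.0.113.9 - - [10/Jan/2022:10:00:09 +0000] "GET /search?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 501',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line, param="q"):
    """Return the decoded search term if the line looks like an XSS probe, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    query = urlsplit(match.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == param:
            term = fully_decode(value)  # parse_qsl has already decoded once
            if SUSPICIOUS_RE.search(term):
                return term
    return None

def scan(lines, param="q"):
    """Return (line_number, decoded_term) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        term = flag_line(line, param)
        if term is not None:
            hits.append((number, term))
    return hits

if __name__ == "__main__":
    for number, term in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious search term {term!r}")
```

The pattern is deliberately broad, so legitimate searches containing < or > will also be flagged and need triage.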
