CVE-2022-35632— XSS in User Interface

EPSS 0.50% · P66 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-35632

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

XSS in User Interface

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Velocidex Velociraptor 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Velocidex Velociraptor是澳大利亚Velocidex公司的一种使用 Velociraptor 查询语言 (VQL) 查询收集基于主机的状态信息的工具。 Velocidex Velociraptor 0.6.5-2之前版本存在安全漏洞，该漏洞源于Velociraptor GUI 中的editor suggestion feature不能正确清理字段。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Rapid7	Velociraptor	0.6.5-2 ~ 0.6.5-2	-

II. Public POCs for CVE-2022-35632

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-35632

请登录查看更多情报信息。

Same Patch Batch · Rapid7 · 2022-07-29 · 4 CVEs total

CVE-2022-35629		Velociraptor Client ID Spoofing
CVE-2022-35630		Unsafe HTML Injection in Artifact Collection Report
CVE-2022-35631		Filesystem race on temporary files

IV. Related Vulnerabilities

Same product: Velociraptor

Same vendor: Rapid7

Same weakness: CWE-79

V. Comments for CVE-2022-35632

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-35632— XSS in User Interface

I. Basic Information for CVE-2022-35632

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-35632

III. Intelligence Information for CVE-2022-35632

Same Patch Batch · Rapid7 · 2022-07-29 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-35632

Leave a comment