CVE-2022-46381

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 03, 2022
Published Date: December 13, 2022
Last Updated: April 22, 2025
Vendor: Linear
Product: eMerge E3-Series
Description: Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
Tags

CVSS Scores

CVSS v3.1

6.1 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Score: 73.92% (Percentile: 98.75%) as of 2025-07-29

SSVC Information

Exploitation: poc
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-07-14 00:00:00 UTC) Source

References

https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-07-15 12:00:44 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-46381.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

December 03, 2022
CVE Published to Public

December 13, 2022
Detected by Nuclei

April 26, 2025
Added to KEVIntel

July 15, 2025