CVE-2022-28795

MEDIUM

Published Apr 12, 20224y ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Apr 12, 2022 4y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status

No Known Exploit

No Patch Available

Affected Products 5

Vendor	Product	Version	Range
avira	password_manager	2.18.4	any
avira	password_manager	2.18.4.3847	any
avira	password_manager	2.18.4.3847	any
avira	password_manager	2.18.4.3868	any
avira	password_manager	2.18.4.38471	any

References 1

support.norton.com https://support.norton.com/sp/static/external/tools/security-advisories.html

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.