A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was released 12/13/2022 as 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. The advisory is available at github.com. This vulnerability was named CVE-2022-4456. The attack can be initiated remotely. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. The patch is identified as 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
3 Changes · 61 Data Points