A vulnerability has been found in fossology and classified as problematic. It affects unknown code. Manipulation of the argument sql/VarValue leads to cross-site scripting, and the problem is classified as CWE-79. The weakness was published on 01/04/2023 as 2356. The advisory is available at github.com. The vulnerability is named CVE-2022-4875.

The attack can be initiated remotely. Technical details are available. There is no exploit available. Based on the structure of the vulnerability, the possible price range is currently USD $0-$5k. The MITRE ATT&CK project assigns this vulnerability to T1059.007. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k.

The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. The bugfix is ready for download at github.com. It is recommended to apply the patch to fix this issue. A possible mitigation was published before the disclosure of the vulnerability, not after it.