fossology sql/VarValue cross site scripting

Una vulnerabilidad ha sido encontrada en fossology y clasificada como problemática. Una función desconocida es afectada por esta vulnerabilidad. Mediante la manipulación del parámetro sql/VarValue de un input desconocido se causa una vulnerabilidad de clase cross site scripting. El advisory puede ser descargado de github.com. La vulnerabilidad es identificada como CVE-2022-4875. El ataque puede ser realizado a través de la red. Los detalles técnicos son conocidos. Fue declarado como no está definido. El parche puede ser descargado de github.com. El mejor modo sugerido para mitigar el problema es aplicar el parche al componente. Una solución posible ha sido publicada incluso antes y no después de la publicación de la vulnerabilidad.

Campo2023-01-04 22:392023-01-28 12:522023-01-28 12:59
namefossologyfossologyfossology
argumentsql/VarValuesql/VarValuesql/VarValue
cwe79 (cross site scripting)79 (cross site scripting)79 (cross site scripting)
risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifier235623562356
urlhttps://github.com/fossology/fossology/pull/2356https://github.com/fossology/fossology/pull/2356https://github.com/fossology/fossology/pull/2356
nameParcheParcheParche
patch_name8e0eba001662c7eb35f045b70dd458a4643b45538e0eba001662c7eb35f045b70dd458a4643b45538e0eba001662c7eb35f045b70dd458a4643b4553
patch_urlhttps://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553
advisoryquotefix(security) fix Reflected XSS vulnerabilityfix(security) fix Reflected XSS vulnerabilityfix(security) fix Reflected XSS vulnerability
cveCVE-2022-4875CVE-2022-4875CVE-2022-4875
responsibleVulDBVulDBVulDB
date1672786800 (2023-01-04)1672786800 (2023-01-04)1672786800 (2023-01-04)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auMMM
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore3.33.33.3
cvss2_vuldb_tempscore2.92.92.9
cvss3_vuldb_basescore2.42.42.4
cvss3_vuldb_tempscore2.32.32.3
cvss3_meta_basescore2.42.43.6
cvss3_meta_tempscore2.32.33.6
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1672786800 (2023-01-04)1672786800 (2023-01-04)
cve_nvd_summaryA vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auM
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prH
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aN
cve_cnaVulDB
cvss2_nvd_basescore3.3
cvss3_nvd_basescore6.1
cvss3_cna_basescore2.4

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!