VDB-217426 · CVE-2022-4875 · ID 2356

fossology sql/VarValue cross site scripting

I fossology var en problematisksvag punkt finns. Som påverkar en okänd funktion. Manipulering av argumenten sql/VarValue en okänd ingång leder till en sårbarhet klass cross site scripting svag punkt. Den rådgivande finns tillgänglig för nedladdning på github.com. Denna svaga punkt behandlas som CVE-2022-4875. Attacken på nätet kan. Det finns tekniska detaljer känd. Han deklarerade inte definierad. Plåstret kan laddas ner från github.com. Som bläst import av motsvarande fläckar åtgärder rekommenderas. En möjlig åtgärd har utfärdats före och inte efter offentliggörandet.

Fält	04/01/2023 22:39	28/01/2023 12:52	28/01/2023 12:59
name	fossology	fossology	fossology
argument	sql/VarValue	sql/VarValue	sql/VarValue
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	2356	2356	2356
url	https://github.com/fossology/fossology/pull/2356	https://github.com/fossology/fossology/pull/2356	https://github.com/fossology/fossology/pull/2356
name	Lappa	Lappa	Lappa
patch_name	8e0eba001662c7eb35f045b70dd458a4643b4553	8e0eba001662c7eb35f045b70dd458a4643b4553	8e0eba001662c7eb35f045b70dd458a4643b4553
patch_url	https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553	https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553	https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553
advisoryquote	fix(security) fix Reflected XSS vulnerability	fix(security) fix Reflected XSS vulnerability	fix(security) fix Reflected XSS vulnerability
cve	CVE-2022-4875	CVE-2022-4875	CVE-2022-4875
responsible	VulDB	VulDB	VulDB
date	1672786800 (04/01/2023)	1672786800 (04/01/2023)	1672786800 (04/01/2023)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.9	2.9	2.9
cvss3_vuldb_basescore	2.4	2.4	2.4
cvss3_vuldb_tempscore	2.3	2.3	2.3
cvss3_meta_basescore	2.4	2.4	3.6
cvss3_meta_tempscore	2.3	2.3	3.6
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1672786800 (04/01/2023)	1672786800 (04/01/2023)
cve_nvd_summary		A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.	A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			M
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			H
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			3.3
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			2.4

◂ Tidigare Översikt Nästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!