CVE-2022-4521

EPSS 0.1%
Published 15.12.2022 21:15:12
Last modified 21.11.2024 07:35:25
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Wso2 ≫ Carbon-registry Version < 4.8.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.278

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc

Patch

Third Party Advisory

https://github.com/wso2/carbon-registry/pull/399

Patch

Third Party Advisory

https://github.com/wso2/carbon-registry/releases/tag/v4.8.7

Third Party Advisory

Release Notes

https://vuldb.com/?id.215901

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4521

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4521

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4521

EUVD