CVE-2022-4521

EPSS 0.57%
Veröffentlicht 15.12.2022 21:15:12
Zuletzt bearbeitet 21.11.2024 07:35:25
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

WSO2 carbon-registry Request Parameter cross site scripting

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wso2 ≫ Carbon-registry Version < 4.8.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.425

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc

Patch

Third Party Advisory

https://github.com/wso2/carbon-registry/pull/399

Patch

Third Party Advisory

https://github.com/wso2/carbon-registry/releases/tag/v4.8.7

Third Party Advisory

Release Notes

https://vuldb.com/?id.215901

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4521