GHSA-5pqf-rvm7-3wgw

Опубликовано: 22 дек. 2022

Источник: github

Github: Прошло ревью

CVSS4: 5.3

CVSS3: 6.1

Описание

collective.contact.widget is vulnerable to cross-site scripting

collective.contact.widget is an add-on is part of the collective.contact.* suite. A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496.

Ссылки

Пакеты

Наименование

collective.contact.widget

pip

Затронутые версииВерсия исправления

< 1.13

1.13

EPSS

Процентиль: 44%

0.00213

Низкий

5.3 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2022-4638

Дефекты

CWE-707

CWE-79

Связанные уязвимости

CVE-2022-4638

CVSS3: 3.5

nvd

около 3 лет назад

A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496.

EPSS

Процентиль: 44%

0.00213

Низкий

5.3 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2022-4638

Дефекты

CWE-707

CWE-79