exploitDog

CVE-2022-21948

Опубликовано: 07 фев. 2023

Источник: nvd

CVSS3: 4.3

CVSS3: 6.1

EPSS Низкий

Описание

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1197930
Exploit
Issue Tracking
Patch
https://bugzilla.suse.com/show_bug.cgi?id=1197930
Exploit
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opensuse:paste:*:*:*:*:*:*:*:*

Версия до 2011-12-05 (исключая)

EPSS

Процентиль: 17%

0.00053

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-v8jx-vx6h-6c48

CVSS3: 6.1

github

около 3 лет назад

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions.

EPSS

Процентиль: 17%

0.00053

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79