CVE-2022-23458

Опубликовано: 22 сент. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds.

Ссылки

https://github.com/nhn/tui.grid/commit/e9db5968675ae113c07efc091cce210f2b26854f
Patch
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2022-029_nhn_tui_grid/
Exploit
Third Party Advisory
https://github.com/nhn/tui.grid/commit/e9db5968675ae113c07efc091cce210f2b26854f
Patch
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2022-029_nhn_tui_grid/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nhn:toast_ui_grid:*:*:*:*:*:*:*:*

Версия до 4.21.3 (исключая)

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9rwj-9j2h-fhvm