CVE-2022-27920

Опубликовано: 25 мар. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.

Ссылки

https://github.com/kiwix/libkiwix/issues/728
Issue Tracking
Patch
Third Party Advisory
https://github.com/kiwix/libkiwix/pull/721
Issue Tracking
Patch
Release Notes
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KD4KX5N2PGMIOQR2IZWEUTZCCTPWU3EJ/
https://github.com/kiwix/libkiwix/issues/728
Issue Tracking
Patch
Third Party Advisory
https://github.com/kiwix/libkiwix/pull/721
Issue Tracking
Patch
Release Notes
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KD4KX5N2PGMIOQR2IZWEUTZCCTPWU3EJ/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kiwix:libkiwix:10.0.0:*:*:*:*:*:*:*

cpe:2.3:a:kiwix:libkiwix:10.0.1:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.0028

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-27920

CVSS3: 6.1

ubuntu

почти 4 года назад

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.

CVE-2022-27920

CVSS3: 6.1

debian

почти 4 года назад

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functi ...

GHSA-f9mc-pgcm-862f

CVSS3: 6.1

github

почти 4 года назад

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.

EPSS

Процентиль: 51%

0.0028

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79