CVE-2022-4875

Опубликовано: 04 янв. 2023

Источник: nvd

CVSS3: 2.4

CVSS3: 6.1

CVSS2: 3.3

EPSS Низкий

Описание

A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553
Patch
https://github.com/fossology/fossology/pull/2356
Patch
https://vuldb.com/?ctiid.217426
Permissions Required
https://vuldb.com/?id.217426
Third Party Advisory
https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553
Patch
https://github.com/fossology/fossology/pull/2356
Patch
https://vuldb.com/?ctiid.217426
Permissions Required
https://vuldb.com/?id.217426
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:fossology:*:*:*:*:*:*:*:*

Версия до 2023-01-02 (исключая)

EPSS

Процентиль: 60%

0.00405

Низкий

2.4 Low

CVSS3

6.1 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-4875

CVSS3: 2.4

debian

около 3 лет назад

A vulnerability has been found in fossology and classified as problema ...

GHSA-7hrc-f2hg-5rgj

CVSS3: 6.1

github

около 3 лет назад

A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.

EPSS

Процентиль: 60%

0.00405

Низкий

2.4 Low

CVSS3

6.1 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-79