Description
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document.
Report
Red Hat JBoss Core Services already included the flaw fixes when the CVE was published over the version of httpd 2.4.51.SP1 GA.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | | |
Red Hat Enterprise Linux 7 | libxml2 | Out of support scope | | |
Red Hat Enterprise Linux 9 | libxml2 | Not affected | | |
Red Hat JBoss Core Services | libxml2 | Not affected | | |
Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2022:7715 | 08.11.2022 |
Red Hat Enterprise Linux 8.6 Extended Update Support | libxml2 | Fixed | RHSA-2023:4767 | 28.08.2023 |
Additional information
Status:
Moderate
Defect:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2112766 libxml2: Incorrect server side include parsing can lead to XSS
EPSS: 0.00098 (Low), percentile: 28%
CVSS3: 6.1 Medium
Related vulnerabilities
CVSS3: 6.1
ubuntu
almost 3 years ago
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
CVSS3: 6.1
nvd
almost 3 years ago
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
CVSS3: 6.1
debian
almost 3 years ago
Possible cross-site scripting vulnerability in libxml after commit 960 ...