Количество 2
Количество 2
CVE-2022-42466
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.
GHSA-7pfc-cc9x-8p4m
Apache Isis Cross-site Scripting vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-42466 Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered. | CVSS3: 6.1 | 22% Средний | больше 3 лет назад |
| GHSA-7pfc-cc9x-8p4m Apache Isis Cross-site Scripting vulnerability | CVSS3: 6.1 | 22% Средний | больше 3 лет назад |
Уязвимостей на страницу