cvelist/2022/32xxx/CVE-2022-32159.json

{
  "CVE_data_meta" : {
    "ASSIGNER" : "vulnerabilitylab@mend.io",
    "ID" : "CVE-2022-32159",
    "STATE" : "PUBLIC",
    "DATE_PUBLIC" : "Jun 1, 2022, 4:32:50 AM",
    "TITLE" : "Openlibrary - Stored XSS"
  },
  "affects" : {
    "vendor" : {
      "vendor_data" : [ {
        "vendor_name" : "infogami",
        "product" : {
          "product_data" : [ {
            "product_name" : "infogami",
            "version" : {
              "version_data" : [ {
                "version_value" : "0.2",
                "version_affected" : ">="
              }, {
                "version_value" : "0.4",
                "version_affected" : "<="
              } ]
            }
          } ]
        }
      } ]
    }
  },
  "credit" : [ {
    "lang" : "eng",
    "value" : "Mend Vulnerability Research Team (MVR)"
  } ],
  "data_format" : "MITRE",
  "data_type" : "CVE",
  "data_version" : "4.0",
  "description" : {
    "description_data" : [ {
      "lang" : "eng",
      "value" : "In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.\n"
    } ]
  },
  "generator" : {
    "engine" : "Vulnogram 0.0.9"
  },
  "impact" : {
    "cvss" : {
      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "attackComplexity" : "LOW",
      "attackVector" : "NETWORK",
      "availabilityImpact" : "NONE",
      "confidentialityImpact" : "LOW",
      "integrityImpact" : "LOW",
      "privilegesRequired" : "LOW",
      "scope" : "CHANGED",
      "userInteraction" : "REQUIRED",
      "version" : 3.1,
      "baseScore" : 5.4,
      "baseSeverity" : "MEDIUM"
    }
  },
  "references" : {
    "reference_data" : [ {
      "refsource" : "MISC",
      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32159"
    }, {
      "refsource" : "CONFIRM",
      "url" : "https://github.com/internetarchive/infogami/pull/195/commits/ccc2141c5fb093870c9e2742c01336ecca8cd12e"
    } ]
  },
  "problemtype" : {
    "problemtype_data" : [ {
      "description" : [ {
        "lang" : "eng",
        "value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      } ]
    } ]
  },
  "solution" : [ {
    "lang" : "eng",
    "value" : "Update version to OL_201908 or later"
  } ],
  "source" : {
    "advisory" : "https://www.mend.io/vulnerability-database/",
    "discovery" : "UNKNOWN"
  }
}
"-Synchronized-Data." 2022-06-02 13:45:37 +00:00			`{`
Add CVE-2022-32159 2022-06-22 20:52:37 +03:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "vulnerabilitylab@mend.io",`
			`"ID" : "CVE-2022-32159",`
			`"STATE" : "PUBLIC",`
			`"DATE_PUBLIC" : "Jun 1, 2022, 4:32:50 AM",`
			`"TITLE" : "Openlibrary - Stored XSS"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [ {`
			`"vendor_name" : "infogami",`
			`"product" : {`
			`"product_data" : [ {`
			`"product_name" : "infogami",`
			`"version" : {`
			`"version_data" : [ {`
			`"version_value" : "0.2",`
			`"version_affected" : ">="`
			`}, {`
			`"version_value" : "0.4",`
			`"version_affected" : "<="`
			`} ]`
"-Synchronized-Data." 2022-06-02 13:45:37 +00:00			`}`
Add CVE-2022-32159 2022-06-22 20:52:37 +03:00			`} ]`
			`}`
			`} ]`
"-Synchronized-Data." 2022-06-02 13:45:37 +00:00			`}`
Add CVE-2022-32159 2022-06-22 20:52:37 +03:00			`},`
			`"credit" : [ {`
			`"lang" : "eng",`
			`"value" : "Mend Vulnerability Research Team (MVR)"`
			`} ],`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [ {`
			`"lang" : "eng",`
			`"value" : "In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.\n"`
			`} ]`
			`},`
			`"generator" : {`
			`"engine" : "Vulnogram 0.0.9"`
			`},`
			`"impact" : {`
			`"cvss" : {`
			`"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",`
			`"attackComplexity" : "LOW",`
			`"attackVector" : "NETWORK",`
			`"availabilityImpact" : "NONE",`
			`"confidentialityImpact" : "LOW",`
			`"integrityImpact" : "LOW",`
			`"privilegesRequired" : "LOW",`
			`"scope" : "CHANGED",`
			`"userInteraction" : "REQUIRED",`
			`"version" : 3.1,`
			`"baseScore" : 5.4,`
			`"baseSeverity" : "MEDIUM"`
			`}`
			`},`
			`"references" : {`
			`"reference_data" : [ {`
			`"refsource" : "MISC",`
			`"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32159"`
			`}, {`
			`"refsource" : "CONFIRM",`
			`"url" : "https://github.com/internetarchive/infogami/pull/195/commits/ccc2141c5fb093870c9e2742c01336ecca8cd12e"`
			`} ]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [ {`
			`"description" : [ {`
			`"lang" : "eng",`
			`"value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`
			`} ]`
			`} ]`
			`},`
			`"solution" : [ {`
			`"lang" : "eng",`
			`"value" : "Update version to OL_201908 or later"`
			`} ],`
			`"source" : {`
			`"advisory" : "https://www.mend.io/vulnerability-database/",`
			`"discovery" : "UNKNOWN"`
			`}`
"-Synchronized-Data." 2022-06-02 13:45:37 +00:00			`}`