CVE-2022-4421

2025-06-12 02:05:39 +00:00 · 2022-12-12 14:03:05 +01:00 · 2022-12-12 14:03:05 +01:00 · 2b504f6c1a
commit 2b504f6c1a
parent ab69ec7c1c
1 changed files with 58 additions and 3 deletions
--- a/2022/4xxx/CVE-2022-4421.json
+++ b/2022/4xxx/CVE-2022-4421.json
@ -4,14 +4,69 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-4421",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "TITLE": "rAthena FluxCP Service Desk Image URL view.php cross site scripting",
+        "REQUESTER": "cna@vuldb.com",
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
+    },
+    "generator": "vuldb.com",
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "rAthena",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "FluxCP",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n\/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
+                    }
+                ]
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes\/default\/servicedesk\/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 8a39b2b2bf28353b3503ff1421862393db15aa7e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215304."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "baseScore": "3.5",
+            "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https:\/\/github.com\/rathena\/FluxCP\/commit\/8a39b2b2bf28353b3503ff1421862393db15aa7e"
+            },
+            {
+                "url": "https:\/\/vuldb.com\/?id.215304"
            }
        ]
    }