admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2022-4520 - CVE-2022-4527

Browse Source
This commit is contained in:
Marc Ruef 2022-12-15 22:01:57 +01:00 committed by GitHub
parent 05a35b52c0
commit 4882e3fa50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 593 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2022/4xxx/CVE-2022-4520.json
View File

@ -4,14 +4,108 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4520",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WSO2",
"product": {
"product_data": [
{
"product_name": "carbon-registry",
"version": {
"version_data": [
{
"version_value": "4.8.0"
},
{
"version_value": "4.8.1"
},
{
"version_value": "4.8.2"
},
{
"version_value": "4.8.3"
},
{
"version_value": "4.8.4"
},
{
"version_value": "4.8.5"
},
{
"version_value": "4.8.6"
},
{
"version_value": "4.8.7"
},
{
"version_value": "4.8.8"
},
{
"version_value": "4.8.9"
},
{
"version_value": "4.8.10"
},
{
"version_value": "4.8.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components\/registry\/org.wso2.carbon.registry.search.ui\/src\/main\/resources\/web\/search\/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType\/rightOp\/leftOp\/rightPropertyValue\/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/wso2\/carbon-registry\/pull\/404"
},
{
"url": "https:\/\/github.com\/wso2\/carbon-registry\/releases\/tag\/v4.8.12"
},
{
"url": "https:\/\/github.com\/wso2\/carbon-registry\/commit\/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4"
},
{
"url": "https:\/\/vuldb.com\/?id.215900"
}
]
}

88
2022/4xxx/CVE-2022-4521.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WSO2 carbon-registry Request Parameter cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WSO2",
"product": {
"product_data": [
{
"product_name": "carbon-registry",
"version": {
"version_data": [
{
"version_value": "4.8.0"
},
{
"version_value": "4.8.1"
},
{
"version_value": "4.8.2"
},
{
"version_value": "4.8.3"
},
{
"version_value": "4.8.4"
},
{
"version_value": "4.8.5"
},
{
"version_value": "4.8.6"
},
{
"version_value": "4.8.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.7. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath\/path\/username\/path\/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/wso2\/carbon-registry\/pull\/399"
},
{
"url": "https:\/\/github.com\/wso2\/carbon-registry\/releases\/tag\/v4.8.12"
},
{
"url": "https:\/\/github.com\/wso2\/carbon-registry\/commit\/9f967abfde9317bee2cda469dbc09b57d539f2cc"
},
{
"url": "https:\/\/vuldb.com\/?id.215901"
}
]
}

67
2022/4xxx/CVE-2022-4522.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "CalendarXP cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "CalendarXP",
"version": {
"version_data": [
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in CalendarXP up to 10.0.1. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 10.0.2 is able to address this issue. The name of the patch is e3715b2228ddefe00113296069969f9e184836da. It is recommended to upgrade the affected component. VDB-215902 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/victorwon\/calendarxp\/commit\/e3715b2228ddefe00113296069969f9e184836da"
},
{
"url": "https:\/\/github.com\/victorwon\/calendarxp\/releases\/tag\/10.0.2"
},
{
"url": "https:\/\/vuldb.com\/?id.215902"
}
]
}

64
2022/4xxx/CVE-2022-4523.json
View File

@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "vexim2 cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "vexim2",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in vexim2. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 21c0a60d12e9d587f905cd084b2c70f9b1592065. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215903."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/vexim\/vexim2\/pull\/274"
},
{
"url": "https:\/\/github.com\/vexim\/vexim2\/commit\/21c0a60d12e9d587f905cd084b2c70f9b1592065"
},
{
"url": "https:\/\/vuldb.com\/?id.215903"
}
]
}

70
2022/4xxx/CVE-2022-4524.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4524",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Roots soil Plugin CleanUpModule.php language_attributes cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Roots",
"product": {
"product_data": [
{
"product_name": "soil Plugin",
"version": {
"version_data": [
{
"version_value": "4.0"
},
{
"version_value": "4.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src\/Modules\/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/roots\/soil\/pull\/285"
},
{
"url": "https:\/\/github.com\/roots\/soil\/releases\/tag\/4.1.1"
},
{
"url": "https:\/\/github.com\/roots\/soil\/commit\/0c9151e00ab047da253e5cdbfccb204dd423269d"
},
{
"url": "https:\/\/vuldb.com\/?id.215904"
}
]
}

70
2022/4xxx/CVE-2022-4525.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "National Sleep Research Resource sleepdata.org cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "National Sleep Research Resource",
"product": {
"product_data": [
{
"product_name": "sleepdata.org",
"version": {
"version_data": [
{
"version_value": "59.0.0.ra"
},
{
"version_value": "59.0.0.rb"
},
{
"version_value": "59.0.0.rc"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 59.0.0.rc and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0 is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/nsrr\/sleepdata.org\/commit\/da44a3893b407087829b006d09339780919714cd"
},
{
"url": "https:\/\/github.com\/nsrr\/sleepdata.org\/releases\/tag\/v59.0.0"
},
{
"url": "https:\/\/vuldb.com\/?id.215905"
}
]
}

67
2022/4xxx/CVE-2022-4526.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "django-photologue Default Template photo_detail.html cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "django-photologue",
"version": {
"version_data": [
{
"version_value": "3.15.0"
},
{
"version_value": "3.15.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue\/templates\/photologue\/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.16 is able to address this issue. The name of the patch is 960cb060ce5e2964e6d716ff787c72fc18a371e7. It is recommended to apply a patch to fix this issue. VDB-215906 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/richardbarran\/django-photologue\/issues\/223"
},
{
"url": "https:\/\/github.com\/richardbarran\/django-photologue\/commit\/960cb060ce5e2964e6d716ff787c72fc18a371e7"
},
{
"url": "https:\/\/vuldb.com\/?id.215906"
}
]
}

91
2022/4xxx/CVE-2022-4527.json
View File

@ -4,14 +4,99 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "collective.task table.py AssignedGroupColumn cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "collective.task",
"version": {
"version_data": [
{
"version_value": "3.0.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "3.0.2"
},
{
"version_value": "3.0.3"
},
{
"version_value": "3.0.4"
},
{
"version_value": "3.0.5"
},
{
"version_value": "3.0.6"
},
{
"version_value": "3.0.7"
},
{
"version_value": "3.0.8"
},
{
"version_value": "3.0.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell\/AssignedGroupColumn of the file src\/collective\/task\/browser\/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/collective\/collective.task\/commit\/1aac7f83fa2c2b41d59ba02748912953461f3fac"
},
{
"url": "https:\/\/github.com\/collective\/collective.task\/releases\/tag\/3.0.10"
},
{
"url": "https:\/\/vuldb.com\/?id.215907"
}
]
}