CVE-2022-4875

A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.

CVSS v3 2.4 LOW
CVSS v2.0 3.3 LOW

2.4^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:L/Au:M/C:N/I:P/A:N

Exploitability : 6.4 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553	Patch
https://github.com/fossology/fossology/pull/2356	Patch
https://vuldb.com/?ctiid.217426	Permissions Required
https://vuldb.com/?id.217426	Third Party Advisory
https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553	Patch
https://github.com/fossology/fossology/pull/2356	Patch
https://vuldb.com/?ctiid.217426	Permissions Required
https://vuldb.com/?id.217426	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:fossology:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:36

Type	Values Removed	Values Added
References	~~() https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553 - Patch~~	() https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553 - Patch
References	~~() https://github.com/fossology/fossology/pull/2356 - Patch~~	() https://github.com/fossology/fossology/pull/2356 - Patch
References	~~() https://vuldb.com/?ctiid.217426 - Permissions Required~~	() https://vuldb.com/?ctiid.217426 - Permissions Required
References	~~() https://vuldb.com/?id.217426 - Third Party Advisory~~	() https://vuldb.com/?id.217426 - Third Party Advisory
CVSS	v2 : ~~3.3~~ v3 : ~~6.1~~	v2 : 3.3 v3 : 2.4

11 Apr 2024, 01:17

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad en fossology y se ha clasificado como problemática. Esta vulnerabilidad afecta a código desconocido. La manipulación del argumento sql/VarValue conduce a cross-site scripting. El ataque se puede iniciar de forma remota. El parche se identifica como 8e0eba001662c7eb35f045b70dd458a4643b4553. Se recomienda aplicar un parche para solucionar este problema. VDB-217426 es el identificador asignado a esta vulnerabilidad.

29 Oct 2023, 02:59

Type	Values Removed	Values Added
CWE		CWE-79
References	~~(MISC) https://vuldb.com/?ctiid.217426 - Third Party Advisory~~	(MISC) https://vuldb.com/?ctiid.217426 - Permissions Required

20 Oct 2023, 15:15

Type	Values Removed	Values Added
CWE	~~CWE-79~~
Summary	A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.	A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.

Information

Published : 2023-01-04 22:15

Updated : 2024-11-21 07:36

NVD link : CVE-2022-4875

Mitre link : CVE-2022-4875

CVE.ORG link : CVE-2022-4875

JSON object : View

Products Affected

linuxfoundation

fossology

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2022-4875

2.4^/10

3.3^/10

Attach tags to `CVE-2022-4875`