A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553 | Patch |
https://github.com/fossology/fossology/pull/2356 | Patch |
https://vuldb.com/?ctiid.217426 | Permissions Required |
https://vuldb.com/?id.217426 | Third Party Advisory |
Configurations
History
11 Apr 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2023, 02:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://vuldb.com/?ctiid.217426 - Permissions Required | |
CWE | CWE-79 |
20 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
Summary | A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability. |
11 Jan 2023, 01:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Linuxfoundation
Linuxfoundation fossology |
|
References | (MISC) https://github.com/fossology/fossology/pull/2356 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553 - Patch, Third Party Advisory | |
References | (MISC) https://vuldb.com/?id.217426 - Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.217426 - Third Party Advisory | |
CPE | cpe:2.3:a:linuxfoundation:fossology:*:*:*:*:*:*:*:* |
04 Jan 2023, 22:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-04 22:15
Updated : 2024-04-11 01:17
NVD link : CVE-2022-4875
Mitre link : CVE-2022-4875
CVE.ORG link : CVE-2022-4875
JSON object : View
Products Affected
linuxfoundation
- fossology
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')