Lucene search

VulDBCVE-2022-4735

HistoryDec 25, 2022 - 4:15 p.m.

CVE-2022-4735

2022-12-2516:15:10

CWE-79

VulDB

web.nvd.nist.gov

cve-2022-4735

asrashley dash-live

vulnerability

remote code execution

cross site scripting

security patch

vdb-216766

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.2%

JSON

A vulnerability classified as problematic was found in asrashley dash-live. This vulnerability affects the function ready of the file static/js/media.js of the component DOM Node Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 24d01757a5319cc14c4aa1d8b53d1ab24d48e451. It is recommended to apply a patch to fix this issue. VDB-216766 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Node

dash-live_projectdash-liveRange<2022-03-01

VendorProductVersionCPE
dash-live_projectdash-live*cpe:2.3:a:dash-live_project:dash-live:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dash-live_project	dash-live	*	cpe:2.3:a:dash-live_project:dash-live::::::::

CNA Affected

[
  {
    "vendor": "asrashley",
    "product": "dash-live",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "DOM Node Handler"
    ]
  }
]

References

github.com/asrashley/dash-live/commit/24d01757a5319cc14c4aa1d8b53d1ab24d48e451

github.com/asrashley/dash-live/pull/7

vuldb.com/?ctiid.216766

vuldb.com/?id.216766

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.2%

JSON

Related for CVE-2022-4735