Lucene search

VulDBCVELIST:CVE-2022-4561

HistoryDec 16, 2022 - 12:00 a.m.

CVE-2022-4561 SemanticDrilldown Extension GET Parameter SDBrowseDataPage.php printFilterLine cross site scripting

2022-12-1600:00:00

CWE-707

VulDB

www.cve.org

vulnerability

semanticdrilldown extension

get parameter handler

cross site scripting

6e18cf740a4548166c1d95f6d3a28541d298a3aa

remote attack

patch

vdb-215964

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

26.4%

JSON

A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964.

CNA Affected

[
  {
    "vendor": "unspecified",
    "product": "SemanticDrilldown Extension",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/wikimedia/mediawiki-extensions-SemanticDrilldown/commit/6e18cf740a4548166c1d95f6d3a28541d298a3aa

vuldb.com/?id.215964

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

26.4%

JSON

Related for CVELIST:CVE-2022-4561