Lucene search

Ubuntu.comUB:CVE-2022-4455

HistoryDec 13, 2022 - 12:00 a.m.

CVE-2022-4455

2022-12-1300:00:00

ubuntu.com

vulnerability

sproctor php-calendar

php-calendar

index.php

cross site scripting

remote attack

patch

vdb-215445

cve-2022-4455

security vulnerability

patching.

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

A vulnerability, which was classified as problematic, was found in sproctor
php-calendar. This affects an unknown part of the file index.php. The
manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site
scripting. It is possible to initiate the attack remotely. The name of the
patch is a2941109b42201c19733127ced763e270a357809. It is recommended to
apply a patch to fix this issue. The identifier VDB-215445 was assigned to
this vulnerability.

References

github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809

launchpad.net/bugs/cve/CVE-2022-4455

nvd.nist.gov/vuln/detail/CVE-2022-4455

security-tracker.debian.org/tracker/CVE-2022-4455

vuldb.com/?id.215445

www.cve.org/CVERecord?id=CVE-2022-4455

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for UB:CVE-2022-4455