Lucene search
Veracode Vulnerability DatabaseVERACODE:38581HistoryDec 23, 2022 - 8:49 a.m.
Cross-site Scripting (XSS)
2022-12-2308:49:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
cross-site scripting
widgets
title function
injection
javascript
software
0.001 Low
EPSS
Percentile
25.5%
collective.contact.widget is vulnerable to cross-site scripting. The vulnerability exists because the title function of widgets.py does not properly escape the title attribute before being rendered, allowing an attacker to inject and execute malicious javascript
| CPE | Name | Operator | Version |
|---|---|---|---|
| collective.contact.widget | le | 1.12 | |
| collective.contact.widget | le | 1.12 |
Related
osv
osv
CVE-2022-4638
2022-12-21 22:15:08
PYSEC-2022-42988
2022-12-21 22:15:00
collective.contact.widget is vulnerable to cross-site scripting
2022-12-22 00:30:36
nvd
nvd
CVE-2022-4638
2022-12-21 22:15:08
prion
prion
Cross site scripting
2022-12-21 22:15:00
cvelist
cvelist
cve
cve
CVE-2022-4638
2022-12-21 22:15:08
github
github
collective.contact.widget is vulnerable to cross-site scripting
2022-12-22 00:30:36