CVE-2022-4513

Published: Dic 15, 2022 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-51853 Aliases: GSD-2022-4513

ExploitDB:

Other exploit source:

Google Dorks:

LOW 3,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: none

Description

AI Translation Available

A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0027

Percentile

0,5th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

707

Improper Neutralization

Incomplete

Abstraction: Pillar Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Other

Applicable Platforms

All platforms may be affected

View CWE Details

Application

Eionet Content Registry by Eea

Product Information

Vendor Eea

Product Eionet Content Registry

Version Range Affected

To 2022-06-27t0948 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:eea:eionet_content_registry:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/eea/eionet.contreg/commit/a120c2153e263e…

Patch Third Party Advisory

https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c…

https://github.com/eea/eionet.contreg/releases/tag/2022-06-…

Third Party Advisory

https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948

https://vuldb.com/?id.215885

Third Party Advisory

https://vuldb.com/?id.215885

https://github.com/eea/eionet.contreg/commit/a120c2153e263e…

Patch Third Party Advisory

https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c…

https://github.com/eea/eionet.contreg/releases/tag/2022-06-…

Third Party Advisory

https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948

https://vuldb.com/?id.215885

Third Party Advisory

https://vuldb.com/?id.215885

CVE-2022-4513

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Improper Neutralization

Common Consequences

Applicable Platforms

Eionet Content Registry by Eea

Product Information

Iscriviti alla newsletter