Lucene search

SuseCVE-2022-21948

HistoryFeb 07, 2023 - 11:15 a.m.

CVE-2022-21948

2023-02-0711:15:09

CWE-79

suse

web.nvd.nist.gov

cve-2022-21948

cross-site scripting

opensuse

paste

vulnerability

svg

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

50.3%

JSON

An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions.

Affected configurations

Nvd

Node

opensusepasteRange<2011-12-05

VendorProductVersionCPE
opensusepaste*cpe:2.3:a:opensuse:paste:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	paste	*	cpe:2.3:a:opensuse:paste::::::::

CNA Affected

[
  {
    "vendor": "openSUSE",
    "product": "paste",
    "versions": [
      {
        "version": "paste",
        "status": "affected",
        "lessThanOrEqual": "b57b9f87e303a3db9465776e657378e96845493b",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1197930

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

50.3%

JSON

Related for CVE-2022-21948