CVE-2022-41947

🗓️ 08 Dec 2022 22:14:14Reported by GitHub_MType

DHIS2 file upload feature allows XSS attack by uploading files with embedded javascrip

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2022-41947	9 Dec 202202:12	–	circl
CNNVD	DHIS 2 跨站脚本漏洞	8 Dec 202200:00	–	cnnvd
Cvelist	CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core	8 Dec 202222:14	–	cvelist
EUVD	EUVD-2022-45057	3 Oct 202520:07	–	euvd
NVD	CVE-2022-41947	8 Dec 202223:15	–	nvd
OSV	CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core	8 Dec 202222:14	–	osv
Prion	Cross site scripting	8 Dec 202223:15	–	prion
Positive Technologies	PT-2022-26176 · Dhis2 · Dhis2	8 Dec 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-41947	23 May 202500:41	–	redhatcve
Vulnrichment	CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core	8 Dec 202222:14	–	vulnrichment

NVD

Vulners

Node

dhis2 dhis_2Range2.35.0–2.36.12.1

dhis2 dhis_2Range2.37.0–2.37.8.1

dhis2 dhis_2Range2.38.0–2.38.2.1

dhis2 dhis_2Match2.39.0

[
  {
    "vendor": "dhis2",
    "product": "dhis2-core",
    "versions": [
      {
        "version": "< 2.36.12.1",
        "status": "affected"
      },
      {
        "version": ">= 2.37.0.0, < 2.37.8.1",
        "status": "affected"
      },
      {
        "version": ">= 2.38.0.0, < 2.38.2.1",
        "status": "affected"
      },
      {
        "version": ">= 2.39.0.0, < 2.39.0.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/dhis2/dhis2-core/security/advisories/GHSA-763w-rm78-6xcg
developer	www.developer.mozilla.org/en-US/docs/Web/HTTP/CSP

21 Nov 2024 07:24Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.4

EPSS0.00206

SSVC

CWE-79