CVE-2022-4513

2022-12-1520:15:10

CWE-707

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-4513

vulnerability

european environment agency

eionet.contreg

cross site scripting

upgrade

nvd

vdb-215885

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability.

Affected configurations

NVD

Node

eeaeionet_content_registryRange<2022-06-27t0948

CPENameOperatorVersion
eea:eionet_content_registryeea eionet content registrylt2022-06-27t0948

CPE	Name	Operator	Version
eea:eionet_content_registry	eea eionet content registry	lt	2022-06-27t0948

CNA Affected

[
  {
    "vendor": "European Environment Agency",
    "product": "eionet.contreg",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]