Lucene search

[email protected]CVE-2022-48197

HistoryJan 02, 2023 - 4:15 p.m.

CVE-2022-48197

2023-01-0216:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-48197

xss

yui2

treeview

security vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected configurations

NVD

Node

yui_projectyuiRange2000–2800

CPENameOperatorVersion
yui_project:yuiyui project yuile2800

CPE	Name	Operator	Version
yui_project:yui	yui project yui	le	2800

References

packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-Cross-Site-Scripting.html

github.com/ryan412/CVE-2022-48197

github.com/ryan412/CVE-2022-48197/blob/main/README.md

github.com/yui/yui2/blob/yui2-2.8.2-8/sandbox/treeview/inc-rightbar.php

github.com/yui/yui2/tags

literatejava.com/security/is-it-really-a-cve-reported-xss-in-yui-2-8-2/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2022-48197

zdt1 osv1 ubuntucve1 packetstorm1 prion1 nuclei1 nvd1 cvelist1 vulnrichment1 exploitdb1