Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-43996
HistoryDec 13, 2022 - 12:00 a.m.

CVE-2022-43996

2022-12-1300:00:00
mitre
www.cve.org
1
csaf_provider package
xss
csaf document
content-type
end point
json format
text/html
.html
javascript code
web browser

EPSS

0.001

Percentile

23.0%

JSON

The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory.

Related

osv 3
veracode 1
cve 1
nvd 1
github 1
prion 1
osv
osv
csaf-poc/csaf_distribution Cross-site Scripting vulnerability
2022-12-14 00:30:23
CVE-2022-43996
2022-12-13 22:15:10
csaf-poc/csaf_distribution Cross-site Scripting vulnerability in github.com/csaf-poc/csaf_distribution
2024-08-21 16:03:59
veracode
veracode
Cross-Site Scripting (XSS)
2022-12-16 07:10:42
cve
cve
CVE-2022-43996
2022-12-13 22:15:10
nvd
nvd
CVE-2022-43996
2022-12-13 22:15:10
github
github
csaf-poc/csaf_distribution Cross-site Scripting vulnerability
2022-12-14 00:30:23
prion
prion
Design/Logic Flaw
2022-12-13 22:15:00

EPSS

0.001

Percentile

23.0%

JSON
Related for CVELIST:CVE-2022-43996
osv3veracode1cve1nvd1github1prion1