Lucene search

VulDBCVELIST:CVE-2022-4735

HistoryDec 25, 2022 - 3:59 p.m.

CVE-2022-4735 asrashley dash-live DOM Node media.js ready cross site scripting

2022-12-2515:59:34

CWE-79

VulDB

www.cve.org

vulnerability

asrashley dash-live

cross site scripting

media.js

dom node handler

remote attack

patch

vdb-216766

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

34.7%

JSON

A vulnerability classified as problematic was found in asrashley dash-live. This vulnerability affects the function ready of the file static/js/media.js of the component DOM Node Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 24d01757a5319cc14c4aa1d8b53d1ab24d48e451. It is recommended to apply a patch to fix this issue. VDB-216766 is the identifier assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "asrashley",
    "product": "dash-live",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "DOM Node Handler"
    ]
  }
]

References

github.com/asrashley/dash-live/commit/24d01757a5319cc14c4aa1d8b53d1ab24d48e451

github.com/asrashley/dash-live/pull/7

vuldb.com/?ctiid.216766

vuldb.com/?id.216766

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

34.7%

JSON

Related for CVELIST:CVE-2022-4735