Lucene search

K
osvGoogleOSV:CVE-2022-40313
HistorySep 30, 2022 - 5:15 p.m.

CVE-2022-40313

2022-09-3017:15:13
Google
osv.dev
8
mustache template
xss risk
page load

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

38.5%

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

38.5%