Lucene search
GoogleOSV:GHSA-6JP6-9RF9-GC66HistoryFeb 25, 2022 - 10:18 p.m.
Cross-site Scripting in Weblate
2022-02-2522:18:50
Google
osv.dev
26
0.001 Low
EPSS
Percentile
40.4%
Impact
Due to improper neutralization, it was possible to perform cross-site scripting via crafted user and language names.
Patches
The issues were fixed in the 4.11 release. The following commits are addressing it:
- f6753a1a1c63fade6ad418fbda827c6750ab0bda
- 9e19a8414337692cc90da2a91c9af5420f2952f1
- 22d577b1f1e88665a88b4569380148030e0f8389
Workarounds
You can look for crafted user and language names to see if you were affected.
References
- https://hackerone.com/reports/1486674
- https://hackerone.com/reports/1486718
- https://hackerone.com/reports/1485226
For more information
If you have any questions or comments about this advisory:
- Open a topic in discussions
- Email us at [email protected]
References
github.com/WeblateOrg/weblate
github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389
github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1
github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda
github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66
nvd.nist.gov/vuln/detail/CVE-2022-24710
Related
osv
osv
CVE-2022-24710
2022-02-25 21:15:08
BIT-weblate-2022-24710
2024-03-06 11:08:18
PYSEC-2022-35
2022-02-25 21:15:00
cve
cve
CVE-2022-24710
2022-02-25 21:15:08
cvelist
cvelist
CVE-2022-24710 Cross-site Scripting in Weblate
2022-02-25 20:50:11
github
github
Cross-site Scripting in Weblate
2022-02-25 22:18:50
veracode
veracode
Cross-site Scripting (XSS)
2022-02-28 10:11:10
prion
prion
Cross site scripting
2022-02-25 21:15:00
nvd
nvd
CVE-2022-24710
2022-02-25 21:15:08
cnvd
cnvd
Weblate Cross-Site Scripting Vulnerability
2022-03-01 00:00:00