Cross-site Scripting in Ericsson CodeChecker

2022-01-2123:32:32

Google

osv.dev

0.001 Low

EPSS

Percentile

51.0%

JSON

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.

CPENameOperatorVersion
codecheckereq6.16.0a1
codecheckereq6.17.0
codecheckereq6.16.0
codecheckereq6.18.0
codecheckereq6.18.1

Name	Operator	Version
codechecker	eq	6.16.0a1
codechecker	eq	6.17.0
codechecker	eq	6.16.0
codechecker	eq	6.18.0
codechecker	eq	6.18.1

References

codechecker-demo.eastus.cloudapp.azure.com

github.com/Ericsson/codechecker

github.com/Ericsson/codechecker/commit/72ee51158e6d81150320223b85410c179b9ee2b1

github.com/Ericsson/codechecker/pull/3549

github.com/Ericsson/codechecker/releases/tag/v6.18.2

github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md

nvd.nist.gov/vuln/detail/CVE-2021-44217

user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-ad0c-80aeed6f7ec9.png

0.001 Low

EPSS

Percentile

51.0%

JSON

Related for OSV:GHSA-FXMX-PFM2-85M2