Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-QV6C-367R-3W6Q
HistoryDec 02, 2022 - 10:26 p.m.

XBlock vulnerable to Cross-Site Scripting (XSS)

2022-12-0222:26:22
Google
osv.dev
13
xblock
cross-site scripting
vulnerability
impact
open edx

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

42.4%

JSON

Impact

XSS Vulnerability in multiple XBlock Fields. Any platform that has deployed the XBlock will be impacted.

Patches

https://github.com/openedx/xblock-drag-and-drop-v2/commit/53c4482f9bb6d8c7ccdf5253bd82c84a222b2492

The fix is compatible with all Open edX releases newer than Lilac.

Workarounds

None.

References

https://github.com/openedx/xblock-drag-and-drop-v2/pull/295#issuecomment-1277693864

Related

cve 1
veracode 1
osv 1
nvd 1
cvelist 1
prion 1
github 1
cve
cve
CVE-2022-46147
2022-11-28 21:15:10
veracode
veracode
Cross-Site Scripting (XSS)
2022-12-05 11:12:49
osv
osv
CVE-2022-46147
2022-11-28 21:15:10
nvd
nvd
CVE-2022-46147
2022-11-28 21:15:10
cvelist
cvelist
CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields
2022-11-28 00:00:00
prion
prion
Cross site scripting
2022-11-28 21:15:00
github
github
XBlock vulnerable to Cross-Site Scripting (XSS)
2022-12-02 22:26:22

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

42.4%

JSON
Related for OSV:GHSA-QV6C-367R-3W6Q
cve1veracode1osv1nvd1cvelist1prion1github1