Lucene search
K

4 matches found

OSV
OSV
added 2022/10/19 8:15 a.m.14 views

CVE-2022-42466

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...

6.1CVSS6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.5 views

CVE-2022-42466 XSS vulnerability, eg for String properties.

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...

7AI score0.01178EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.34 views

CVE-2022-42466 XSS vulnerability, eg for String properties.

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...

6.4AI score0.01178EPSS
Exploits0References2
CVE
CVE
added 2022/10/19 12:0 a.m.89 views

CVE-2022-42466

Apache Isis prior to version 2.0.0-M9 is affected by a cross-site scripting vulnerability caused by input strings not being escaped when rendered, allowing injected scripts to execute. The issue is addressed in 2.0.0-M9 and later by escaping input strings during rendering. Affected products inclu...

6.1CVSS6.1AI score0.01178EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder