2 matches found
CVE-2022-43996
The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...
CVE-2022-43996
The CVE-2022-43996 issue concerns the csaf_provider package before 0.8.2, where an XSS vulnerability arises when a CSAF document is uploaded as text/html. The upload endpoint accepts valid CSAF advisories (JSON) with Content-Type text/html and filenames ending in .html; when accessed in a browser...