Cross-Site Scripting (XSS)

🗓️ 05 Dec 2022 11:12:49Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 20 Views

xblock_drag_and_drop_v2 XSS vulnerability in python scrip

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2022-46147	29 Nov 202200:28	–	circl
CNNVD	Drag and Drop XBlock v2 跨站脚本漏洞	28 Nov 202200:00	–	cnnvd
CVE	CVE-2022-46147	28 Nov 202200:00	–	cve
Cvelist	CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields	28 Nov 202200:00	–	cvelist
EUVD	EUVD-2022-0416	3 Oct 202520:07	–	euvd
Github Security Blog	XBlock vulnerable to Cross-Site Scripting (XSS)	2 Dec 202222:26	–	github
NVD	CVE-2022-46147	28 Nov 202221:15	–	nvd
OSV	CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields	28 Nov 202200:00	–	osv
OSV	GHSA-QV6C-367R-3W6Q XBlock vulnerable to Cross-Site Scripting (XSS)	2 Dec 202222:26	–	osv
OSV	PYSEC-2022-43175	28 Nov 202221:15	–	osv

Vulners

Node

xblock_drag_and_drop_v2 xblock_drag_and_drop_v2Range2.5.0–2.7.0python

Source	Link
github	www.github.com/openedx/xblock-drag-and-drop-v2/commit/68887d1b4a44325d2de7573d450e41129ba98b1a
github	www.github.com/openedx/xblock-drag-and-drop-v2/commit/53c4482f9bb6d8c7ccdf5253bd82c84a222b2492
github	www.github.com/openedx/xblock-drag-and-drop-v2/releases/tag/v3.0.0
github	www.github.com/openedx/xblock-drag-and-drop-v2/pull/295
github	www.github.com/advisories/GHSA-qv6c-367r-3w6q
github	www.github.com/openedx/xblock-drag-and-drop-v2/commit/68887d1b4a44325d2de7573d450e41129ba98b1a
github	www.github.com/openedx/xblock-drag-and-drop-v2/security/advisories/GHSA-qv6c-367r-3w6q

06 Dec 2022 23:16Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.1 - 8.4

EPSS0.00806

cross-site scripting python vulnerability sanitization arbitrary execution