CVE-2022-4513

15.12.2022, 20:15

A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.5 LOW	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VulDB	CNA	3.5 LOW	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Vendor	Product	Version
eea	eionet_content_registry	𝑥 < 2022-06-27t0948

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6

https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948

https://vuldb.com/?id.215885

https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6

https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948

https://vuldb.com/?id.215885