CVE-2022-4495
collective.dms.basecontent Cross-site Scripting vulnerability
6.1
MEDIUM
CVSS 3.1
EPSS 0.27%
Description
A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.7 is able to address this issue. The name of the patch is 6c4d616fcc771822a14ebae5e23f3f6d96d134bd. It is recommended to upgrade the affected component. The identifier VDB-215813 was assigned to this vulnerability.
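How to fix CVE-2022-4495
To fix CVE-2022-4495, upgrade the affected packages to the patched versions listed below.
- Upgrade to 1.7 or later
- Upgrade to 6c4d616fcc771822a14ebae5e23f3f6d96d134bd or later
Is CVE-2022-4495 being exploited?
Low: EPSS is 0.3%, and no large-scale exploitation activity has been observed so far.
Affected packages (2)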
- from 0, < 1.7
- from 0, < 6c4d616fcc771822a14ebae5e23f3f6d96d134bd | from 0, < 1.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |