CVE-2022-4527
collective.task Cross-site Scripting vulnerability
6.1
MEDIUM
CVSS 3.1
EPSS 0.32%
Description
A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907.
How to fix CVE-2022-4527
To fix CVE-2022-4527, upgrade the affected packages to the patched versions listed below.
- Upgrade to 3.0.9 or later
- Upgrade to 1aac7f83fa2c2b41d59ba02748912953461f3fac or later
Is CVE-2022-4527 being exploited?
Low: EPSS is 0.3%, and no large-scale exploitation activity has been observed so far.
Affected packages (2)
- from 0, < 3.0.9
- from 0, < 1aac7f83fa2c2b41d59ba02748912953461f3fac | from 0, < 3.0.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |