CVE-2022-1243 - OpenCVE

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Uri.js Project	Uri.js

Configuration 1 [-]

cpe:2.3:a:uri.js_project:uri.js:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae
https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-05T15:05:18

Updated: 2024-08-02T23:55:24.671Z

Reserved: 2022-04-05T00:00:00

Link: CVE-2022-1243

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-05T15:15:08.097

Modified: 2023-07-24T13:46:01.397

Link: CVE-2022-1243

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "medialize/uri.js", "vendor": "medialize", "versions": [{"lessThan": "1.19.11", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-05T15:05:18", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae"}], "source": {"advisory": "8c5afc47-1553-4eba-a98e-024e4cc3dfb7", "discovery": "EXTERNAL"}, "title": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1243", "STATE": "PUBLIC", "TITLE": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "medialize/uri.js", "version": {"version_data": [{"version_affected": "<", "version_value": "1.19.11"}]}}]}, "vendor_name": "medialize"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7"}, {"name": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae", "refsource": "MISC", "url": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae"}]}, "source": {"advisory": "8c5afc47-1553-4eba-a98e-024e4cc3dfb7", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1243", "datePublished": "2022-04-05T15:05:18", "dateReserved": "2022-04-05T00:00:00", "dateUpdated": "2024-08-02T23:55:24.671Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uri.js_project:uri.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCFE940B-2DE3-4D02-A96B-BF51B4B18ECD", "versionEndExcluding": "1.19.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11."}, {"lang": "es", "value": "CRHTLF puede conllevar a una extracci\u00f3n de protocolo no v\u00e1lida conllevando potencialmente a un ataque de tipo XSS en el repositorio de GitHub medialize/uri.js versiones anteriores a 1.19.11"}], "id": "CVE-2022-1243", "lastModified": "2023-07-24T13:46:01.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-05T15:15:08.097", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@huntr.dev", "type": "Secondary"}]}