CVE-2022-4513 - OpenCVE

A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eea	Eionet Content Registry

Configuration 1 [-]

cpe:2.3:a:eea:eionet_content_registry:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6
https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948
https://vuldb.com/?id.215885

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-15T00:00:00

Updated: 2024-08-03T01:41:45.558Z

Reserved: 2022-12-15T00:00:00

Link: CVE-2022-4513

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-15T20:15:10.023

Modified: 2023-11-07T03:58:02.317

Link: CVE-2022-4513

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4513", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2024-08-03T01:41:45.558Z", "dateReserved": "2022-12-15T00:00:00", "datePublished": "2022-12-15T00:00:00"}, "containers": {"cna": {"title": "European Environment Agency eionet.contreg cross site scripting", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-15T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability."}], "affected": [{"vendor": "European Environment Agency", "product": "eionet.contreg", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6"}, {"url": "https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948"}, {"url": "https://vuldb.com/?id.215885"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting", "cweId": "CWE-707"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:41:45.558Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6", "tags": ["x_transferred"]}, {"url": "https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.215885", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eea:eionet_content_registry:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC631E1F-86EF-442B-BFBB-F653E19F435D", "versionEndExcluding": "2022-06-27t0948", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en European Environment Agency eionet.contreg y clasificada como problem\u00e1tica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n del argumento searchTag/resourceUri conduce a Cross-Site Scripting. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2022-06-27T0948 puede solucionar este problema. El nombre del parche es a120c2153e263e62c4db34a06ab96a9f1c6bccb6. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-215885."}], "id": "CVE-2022-4513", "lastModified": "2023-11-07T03:58:02.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-12-15T20:15:10.023", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.215885"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-707"}], "source": "cna@vuldb.com", "type": "Secondary"}]}