PT-2022-27414 · Opencaching Deutschland · Opencaching Deutschland Oc-Server3

Published: 2022-12-15 · Updated: 2022-12-20 · CVE-2022-4514

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Opencaching Deutschland oc-server3 (affected versions not specified)

Description: A cross-site scripting vulnerability was found in Opencaching Deutschland oc-server3. It affects an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. Manipulation of the varvalue argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations: To fix this issue, apply the patch named 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. As a temporary workaround, consider restricting access to the varset.inc.php file until the patch is applied. Additionally, avoid using the varvalue argument in the affected function until the issue is resolved.

Fix

Improper Neutralization

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-4514

Affected Products: Opencaching Deutschland Oc-Server3