PT-2022-27449 · Roots · Roots Soil Plugin
Retlehs
Published: 2022-12-15 · Updated: 2024-05-17
CVE-2022-4524
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Roots Soil Plugin versions prior to 4.1.1
Description
An issue was found in the Roots Soil Plugin, affecting the language attributes function in the file src/Modules/CleanUpModule.php. Manipulation of the language argument leads to cross-site scripting. The attack can be launched remotely.
Recommendations
To address this issue, upgrade to version 4.1.1. As a temporary workaround, consider restricting access to the language attributes function until the upgrade is applied.
Fix
XSS
Affected Products
Roots Soil Plugin