PT-2022-27579 · Unknown · Semanticdrilldown Extension

Published: 2022-12-16 · Updated: 2022-12-21 · CVE-2022-4561

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SemanticDrilldown Extension (affected versions not specified)

Description: A vulnerability classified as problematic has been found in the SemanticDrilldown Extension. It affects the printFilterLine function in the file includes/specials/SDBrowseDataPage.php of the GET Parameter Handler component. Manipulating the value argument leads to cross-site scripting. The attack can be launched remotely.

Recommendations: To fix this issue, apply the patch named 6e18cf740a4548166c1d95f6d3a28541d298a3aa. As a temporary workaround, consider disabling the printFilterLine function until a patch is available. Restrict access to the includes/specials/SDBrowseDataPage.php file to minimize the risk of exploitation. Avoid using the value argument in the affected API endpoint until the issue is resolved.

Fix

Improper Neutralization

Weakness Enumeration

Related Identifiers: CVE-2022-4561

Affected Products: Semanticdrilldown Extension