PT-2022-27843 · Unknown · Collective.Contact.Widget

Published: 2022-12-21 · Updated: 2022-12-28 · CVE-2022-4638

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: collective.contact.widget, versions up to 1.12

Description: A problematic vulnerability was found in collective.contact.widget, affecting the title function in the file src/collective/contact/widget/widgets.py. The issue leads to cross-site scripting and can be triggered remotely.

Recommendations: For collective.contact.widget versions up to 1.12, apply the patch 5da36305ca7ed433782be8901c47387406fcda12 to fix this issue. As a temporary workaround, consider disabling the title function in widgets.py until the patch is applied, and restrict access to the vulnerable file src/collective/contact/widget/widgets.py to reduce the risk of exploitation.

Status: Fix

Weakness Enumeration: Improper Neutralization (XSS)

Related Identifiers

CVE-2022-4638
GHSA-5PQF-RVM7-3WGW
PYSEC-2022-42988

Affected Products

Collective.Contact.Widget