PT-2023-15914 · Unknown · Ualbertalib Neosdiscovery
Published: 2023-03-05 · Updated: 2024-05-17 · CVE-2022-4927
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ualbertalib NEOSDiscovery version 1.0.70
Description
This issue affects unspecified processing in the file app/views/bookmarks/refworks.html.erb. The manipulation leads to use of a web link to an untrusted target with window.opener access. The attack may be initiated remotely.
Recommendations
For version 1.0.70, upgrade to version 1.0.71 to address this issue. As a temporary workaround, consider restricting access to the file app/views/bookmarks/refworks.html.erb until the upgrade is applied.
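To check other templates for the same weakness class, the following added example (not NEOSDiscovery's code and not the vendor's fix) flags links in ERB source that open a new browsing context without `rel="noopener"` or `rel="noreferrer"`, the usual mitigation. The sample template, its helper names (`export_url`, `docs_url`) and the function name are constructed assumptions.

```ruby
# Added example, not NEOSDiscovery code. SAMPLE_ERB is a constructed template.
SAMPLE_ERB = <<~'ERB'
  <a href="<%= export_url %>" target="_blank">Export</a>
  <a href="https://example.org/help" target="_blank" rel="noopener noreferrer">Help</a>
  <a href="/bookmarks">Back</a>
  <%= link_to "Send", export_url, target: "_blank" %>
  <%= link_to "Docs", docs_url, :target => "_blank", :rel => "noopener" %>
ERB

# An <a ...> opening tag (ERB tags inside attributes may contain ">",
# so they are skipped as a unit) or a complete <%= link_to ... %> call.
LINK = /<a\s(?:<%.*?%>|[^>])*>|<%=\s*link_to\b.*?%>/mi

# target="_blank", target: "_blank" or :target => "_blank"
BLANK = /target["']?\s*(?:=>|=|:)\s*["']?_blank/i

# rel containing noopener, or noreferrer (which implies noopener)
SAFE_REL = /(?<![\w-])rel["']?\s*(?:=>|=|:)\s*["'][^"']*\b(?:noopener|noreferrer)\b/i

# Returns one hash per link that opens a new browsing context while leaving
# window.opener available to the target page.
def unsafe_blank_links(src)
  findings = []
  src.scan(LINK) do
    m = Regexp.last_match
    tag = m[0]
    next unless tag.match?(BLANK) && !tag.match?(SAFE_REL)
    findings << { line: m.pre_match.count("\n") + 1, snippet: tag.strip }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  unsafe_blank_links(SAMPLE_ERB).each do |f|
    puts "line #{f[:line]}: #{f[:snippet]}"
  end
end
```

The check is pattern-based, so links built dynamically (for example through a helper that sets `target` elsewhere) still need manual review.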
Affected Products
Ualbertalib Neosdiscovery