CVE-2022-1173
Published 2022-04-26
CVE-2022-1173: stored xss in GitHub repository getgrav/grav prior to 1.7.33.
Priority P423 · medium · 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.47% (70.5th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| getgrav | getgrav_grav | >= unspecified < 1.7.33 | 1.7.33 |
| getgrav | grav | < 1.7.33 | 1.7.33 |
| getgrav | grav | >= 0 < 1.7.33 | 1.7.33 |
CVSS provenance
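| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 8.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_redhat | | 9.1 | CRITICAL | |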
GHSA
Stored cross site scripting in getgrav/grav
ghsa·2022-04-27
CVE-2022-1173 [MEDIUM] CWE-79 Stored cross site scripting in getgrav/grav
Stored cross-site scripting in GitHub repository getgrav/grav prior to 1.7.33.
OSV
Stored cross site scripting in getgrav/grav
osv·2022-04-27
CVE-2022-1173 [MEDIUM] Stored cross site scripting in getgrav/grav
Stored cross-site scripting in GitHub repository getgrav/grav prior to 1.7.33.
Red Hat
webkitgtk: Memory corruption issue leading to arbitrary code execution
vendor_redhat·2022-05-17·CVSS 8.8
CVE-2022-26719 [HIGH] CWE-1173 webkitgtk: Memory corruption issue leading to arbitrary code execution
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt or crash, or leading to arbitrary code execution.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Red Hat
webkitgtk: Memory corruption issue leading to arbitrary code execution
vendor_redhat·2022-05-17·CVSS 8.8
CVE-2022-26716 [HIGH] CWE-1173 webkitgtk: Memory corruption issue leading to arbitrary code execution
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt or crash, or leading to arbitrary code execution.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Red Hat
webkitgtk: Memory corruption issue leading to arbitrary code execution
vendor_redhat·2022-05-17·CVSS 8.8
CVE-2022-26700 [HIGH] CWE-1173 webkitgtk: Memory corruption issue leading to arbitrary code execution
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.
A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt or crash, or leading to arbitrary code execution.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Red Hat
poppler: A logic error in the Hints::Hints function can cause denial of service
vendor_redhat·2022-05-13·CVSS 6.5
CVE-2022-27337 [MEDIUM] CWE-1173 poppler: A logic error in the Hints::Hints function can cause denial of service
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
A logic error was found in Poppler's Hints::Hints function in the Hints.cc file. This flaw allows an attacker to trick a user into opening a crafted PDF file in the pdftops utility, which causes the program to hang for a long time, leading to a denial of service.
Package: poppler (Red Hat Enterprise Linux 6) - Not affected
Package: poppler (Red Hat Enterprise Linux 7) - Out of support scope
Red Hat
Mozilla: Speech Synthesis feature not properly disabled
vendor_redhat·2022-05-03·CVSS 6.5
CVE-2022-29913 [MEDIUM] CWE-1173 Mozilla: Speech Synthesis feature not properly disabled
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this issue of the parent process not properly checking whether the Speech Synthesis feature is enabled when receiving instructions from a child process.
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Red Hat
3scale-system: script injection in multiple endpoints
vendor_redhat·2022-04-19·CVSS 8.8
CVE-2022-1414 [HIGH] CWE-1173 3scale-system: script injection in multiple endpoints
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
Package: 3scale-amp-system (Red Hat 3scale API Management Platform 2) - Will not fix
Red Hat
OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
vendor_redhat·2022-04-19·CVSS 5.3
CVE-2022-21496 [MEDIUM] CWE-1173 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or
Red Hat
mariadb: crash via window function in expression in ORDER BY
vendor_redhat·2022-03-16·CVSS 7.5
CVE-2022-27451 [HIGH] CWE-1173 mariadb: crash via window function in expression in ORDER BY
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/field_conv.cc, affecting availability.
Package: mariadb (Red Hat Enterprise Linux 7) - Not affected
Package: mariadb:10.3/mariadb (Red Hat Enterprise Linux 8) - Not affected
Package: mariadb (Red Hat OpenStack Platform 13 (Queens)) - Out of support scope
Package: rh-mariadb103-mariadb (Red Hat Software Collections) - Not affected
Red Hat
dotnet: ASP.NET Denial of Service via FormPipeReader
vendor_redhat·2022-03-08·CVSS 7.5
CVE-2022-24464 [HIGH] CWE-1173 dotnet: ASP.NET Denial of Service via FormPipeReader
.NET and Visual Studio Denial of Service Vulnerability
A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service.
Red Hat
urijs: Leading white space bypasses protocol validation
vendor_redhat·2022-03-03·CVSS 5.3
CVE-2022-24723 [MEDIUM] CWE-1173 urijs: Leading white space bypasses protocol validation
URI.js is a JavaScript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.
An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of a URL. This issue allows bypassing the protocol validation.
Package: rh-dotnet31-dotnet (.NET Core 3.1 on Red Hat Enterprise Linux) - Affected
Package: rh-dotnet50-dotnet (.NET Core 5.0 on Red Hat Enterprise Linux) - Out of support scope
Package: rhacm2/application-ui-rhel8 (Red Hat Advanced C
Red Hat
mariadb: lack of validating the existence of an object prior to performing operations on the object
vendor_redhat·2022-02-18·CVSS 7.8
CVE-2022-24050 [HIGH] CWE-1173 mariadb: lack of validating the existence of an object prior to performing operations on the object
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
Package: mariadb (Red Hat Enterprise Linux 7) - Out of support scope
Package: mariadb (Red Hat JBoss Core Services) - No
Red Hat
webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript
vendor_redhat·2022-02-09·CVSS 6.1
CVE-2022-22589 [MEDIUM] CWE-1173 webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
A vulnerability was found in WebKitGTK. The vulnerability exists due to improper input validation in WebKit when processing email messages. This flaw allows a remote attacker to trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code.
Statement: Red Hat Enterprise Linux 6, 7, 8, and 9 are affected because the code-base is affected by this vulnerability.
Red Hat Product Security has rated
Red Hat
python-pillow: temporary directory with a space character allows removal of unrelated file after im.show() and related actions
vendor_redhat·2022-02-03·CVSS 9.1
CVE-2022-24303 [CRITICAL] CWE-1173 python-pillow: temporary directory with a space character allows removal of unrelated file after im.show() and related actions
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
A flaw was found in python-pillow. The vulnerability occurs due to an unvalidated remove operation, leading to improper input validation. This flaw allows an attacker to supply externally-influenced input commands that modify or remove the intended command.
Package: python-pillow (Red Hat Enterprise Linux 7) - Not affected
Package: python-pillow (Red Hat Enterprise Linux 8) - Not affected
Package: quay/quay-rhel8 (Red Hat Quay 3) - Affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-26