CVE-2022-1181
Published 2022-03-30
CVE-2022-1181: Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
Priority P3 · 40 · medium · 5.4 CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 51.47% (98.8th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 5.7.0 < 6.0.19 | 6.0.19 |
| linux | linux_kernel | >= 6.1.0 < 6.1.5 | 6.1.5 |
| open-emr | openemr | < 6.0.0.2 | 6.0.0.2 |
| openemr | openemr_openemr | >= unspecified < 6.0.0.2 | 6.0.0.2 |
CVSS provenance
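| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 8.0 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_redhat | | 6.6 | MEDIUM | |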
OSV
vhost_vdpa: fix the crash in unmap a large memory
osv·2025-12-30
CVE-2022-50851 vhost_vdpa: fix the crash in unmap a large memory
In the Linux kernel, the following vulnerability has been resolved:
vhost_vdpa: fix the crash in unmap a large memory
While testing in vIOMMU, sometimes Guest will unmap very large memory,
which will cause the crash. To fix this, add a new function
vhost_vdpa_general_unmap(). This function will only unmap the memory
that is saved in iotlb.
Call Trace:
[ 647.820144] ------------[ cut here ]------------
[ 647.820848] kernel BUG at drivers/iommu/intel/iommu.c:1174!
[ 647.821486] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 647.822082] CPU: 10 PID: 1181 Comm: qemu-system-x86 Not tainted 6.0.0-rc1home_lulu_2452_lulu7_vhost+ #62
[ 647.823139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qem4
[ 647.
GHSA
GHSA-4fvq-7f5m-crg4: Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6
ghsa_unreviewed·2022-03-31
CVE-2022-1181 [MEDIUM] CWE-79 GHSA-4fvq-7f5m-crg4: Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
Red Hat
kernel: Linux kernel (vhost_vdpa): Denial of service via large memory unmap
vendor_redhat·2025-12-30·CVSS 6.6
CVE-2022-50851 [MEDIUM] CWE-754 kernel: Linux kernel (vhost_vdpa): Denial of service via large memory unmap
No detection rules found.
No public exploits indexed.
Published: 2022-03-30