CVE-2022-2729
Published 2022-08-09
CVE-2022-2729: Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
Priority: P4
Severity: medium, CVSS 3.1 base score 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (network attack vector, low complexity, low privileges required, user interaction required, scope changed, low confidentiality and integrity impact, no availability impact)
EPSS: 0.44% (34.9th percentile)
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-emr | openemr | < 7.0.0.1 | 7.0.0.1 |
| openemr | openemr_openemr | >= unspecified < 7.0.0.1 | 7.0.0.1 |
Note: the aggregator also attached two msrc rows to this CVE (cbl2_vim_8.2.4925-1_on_cbl_mariner_2.0 and cm1_vim_8.2.5064-1_on_cbl_mariner_1.0). Those are CBL-Mariner vim packages for CVE-2022-1620 (NULL pointer dereference at regexp.c:2729, listed under Microsoft below), matched on the number "2729"; vim is not affected by this OpenEMR issue.
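To turn the Affected table into something you can run against an install, here is an added example (not OpenEMR's code and not part of the advisory) that parses a version string or the text of OpenEMR's version.php and reports whether it falls below the fixed release 7.0.0.1. It assumes version.php declares $v_major, $v_minor, $v_patch and $v_realpatch, which is an assumption to confirm against your own install; the sample version.php text below is constructed for the example.

```python
"""Affected-range check for CVE-2022-2729 (OpenEMR < 7.0.0.1).

Added example, not code from the OpenEMR project or the advisory. Assumes
(unverified here) that OpenEMR's version.php declares $v_major, $v_minor,
$v_patch and $v_realpatch. Missing trailing components count as 0, so the
bare release "7.0.0" compares as 7.0.0.0 and is reported as affected.
"""
import re
from typing import Tuple

FIXED_VERSION = "7.0.0.1"  # fixed-in version from the Affected table

# Matches lines such as: $v_realpatch = '1';  (quotes optional)
_PHP_VAR = re.compile(
    r"\$v_(major|minor|patch|realpatch)\s*=\s*['\"]?(\d+)['\"]?\s*;"
)

# Constructed sample of what a pre-fix version.php might contain.
SAMPLE_VERSION_PHP = """<?php
$v_major = '7';
$v_minor = '0';
$v_patch = '0';
$v_realpatch = '0';
$v_tag = '';
"""


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, patch, realpatch) from a dotted version string
    or from the text of version.php. Absent components default to 0."""
    found = dict(_PHP_VAR.findall(text))
    if found:
        return tuple(  # type: ignore[return-value]
            int(found.get(k, "0")) for k in ("major", "minor", "patch", "realpatch")
        )
    parts = text.strip().split(".")
    if not parts or len(parts) > 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # type: ignore[return-value]


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is strictly below the fixed release."""
    return parse_version(version) < parse_version(fixed)


if __name__ == "__main__":
    for candidate in ("6.1.0.1", "7.0.0", "7.0.0.1", "7.0.0.2", SAMPLE_VERSION_PHP):
        label = candidate if "\n" not in candidate else "version.php sample"
        print(f"{label:>20}: {'AFFECTED' if is_affected(candidate) else 'fixed'}")
```

Feed it the contents of version.php from the install root rather than the version string shown in the UI; the realpatch component is what separates 7.0.0 from 7.0.0.1, and it is easy to miss when reading a "7.0.0" banner.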
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
The three other scores the aggregator shows for this entry do not belong to CVE-2022-2729: cisa 9.8 CRITICAL is CVE-2013-2729 (Adobe Reader and Acrobat), and vendor_msrc 7.5 HIGH and vendor_redhat 7.5 HIGH are CVE-2022-1620 (vim). All three are matches on the number "2729" and appear in the related entries below.
GHSA
GHSA-4g8f-4v3f-79wh: Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1
ghsa_unreviewed · 2022-08-10 · CVE-2022-2729 · CWE-79
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
GHSA (related by keyword only: this is a Jenkins issue, not OpenEMR; it is listed because the advisory text references Jenkins SECURITY-2729)
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
ghsa · 2022-05-18 · CVE-2022-30970 [HIGH] · CWE-79
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
While this looks similar to SECURITY-2729, this is an independent problem and exploitable even on views rendering parameters that otherwise attempt to prevent XSS vulnerabilities in parameter names.
Microsoft (related by keyword only: CVE-2022-1620 in vim, matched on regexp.c:2729)
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim
vendor_msrc · 2022-05-10 · CVSS 7.5 · CVE-2022-1620 [HIGH] · CWE-476
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work, which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Product: Mariner
Reporter: @huntrdev
Customer Action Required: Yes
Remediation: CBL-Mariner
Red Hat (related by keyword only: CVE-2022-1620 in vim, matched on regexp.c:2729)
vim: NULL Pointer Dereference in vim_regexec_string() of regexp.c
vendor_redhat · 2022-05-08 · CVSS 7.5 · CVE-2022-1620 [HIGH] · CWE-476
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.
Statement: Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just takin
CISA (related by keyword only: CVE-2013-2729 in Adobe Reader and Acrobat)
Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
cisa · 2022-03-28 · CVSS 9.8 · CVE-2013-2729 [CRITICAL] · CWE-189
Affected: Adobe Reader and Acrobat
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-2729
Remediation Due Date: 2022-04-18
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Timeline
2022-08-09: Published