CVE-2022-2731
Published 2022-08-09
CVE-2022-2731: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
Priority P4 · 24 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.46% (36.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-emr | openemr | < 7.0.0.1 | 7.0.0.1 |
| openemr | openemr_openemr | >= unspecified < 7.0.0.1 | 7.0.0.1 |
CVSS provenance
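| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| osv | | 5.5 | MEDIUM | |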
OSV
tiff vulnerabilities
osv·2023-08-15·CVSS 5.5
CVE-2022-48281 tiff vulnerabilities
It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-48281)
It was discovered that LibTIFF incorrectly handled certain image files. If
a user were tricked into opening a specially crafted image file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 23.04. (CVE-2023-2731)
It was discovered that LibTIFF incorrectly handled certain i
GHSA
GHSA-wv2j-j29v-4252: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7
ghsa_unreviewed·2022-08-10
CVE-2022-2731 GHSA-wv2j-j29v-4252: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-08-09
Published