CVE-2022-2871
Published 2022-08-17
CVE-2022-2871: Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
Priority: P4 (24, medium)
CVSS 3.1 base score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS: 0.53% (40.8th percentile)
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| notrinos | notrinos-erp | 0 – 0.7 | — |
| notrinos | notrinos_notrinoserp | >= unspecified < 0.7 | 0.7 |
| notrinos | notrinoserp | < 0.7 | 0.7 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | 3.0 | 4.6 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
NotrinosERP Cross-site Scripting vulnerability (ghsa, 2022-08-18)
CVE-2022-2871 [MEDIUM] CWE-79
NotrinosERP version 0.7 and prior is vulnerable to stored cross-site scripting. A fix is available on the `master` branch of the repository.
OSV
NotrinosERP Cross-site Scripting vulnerability (osv, 2022-08-18)
CVE-2022-2871 [MEDIUM]
NotrinosERP version 0.7 and prior is vulnerable to stored cross-site scripting. A fix is available on the `master` branch of the repository.
Red Hat
kernel: scsi: qla2xxx: Implement ref count for SRB (vendor_redhat, 2025-02-26, CVSS 5.5)
CVE-2022-49159 [MEDIUM] CWE-401
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Implement ref count for SRB
The timeout handler and the done function are racing. When qla2x00_async_iocb_timeout() starts to run it can be preempted by the normal response path (via the firmware?). qla24xx_async_gpsc_sp_done() releases the SRB unconditionally. When scheduling back to qla2x00_async_iocb_timeout(), qla24xx_async_abort_cmd() will access a freed sp->qpair pointer:
qla2xxx [0000:83:00.0]-2871:0: Async-gpsc timeout - hdl=63d portid=234500 50:06:0e:80:08:77:b6:21.
qla2xxx [0000:83:00.0]-2853:0: Async done-gpsc res 0, WWPN 50:06:0e:80:08:77:b6:21
qla2xxx [0000:83:00.0]-2854:0: Async-gpsc OUT WWPN 20:45:00:27:f8:75:33:00 speeds=2c00 speed=0400.
qla
No detection rules found.
No public exploits indexed.
References
- https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760
- https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373
Published: 2022-08-17