CVE-2022-37724

Severity: 6.1 MEDIUM
EPSS: 0.3% (top 47.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 14
Latest update: Sep 15

Description

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

Maven | wonder:wonder | 1.0 | 7.3
NVD | apple/webobjects | 1.0 | 5.4.3

Vulnerability Details (3)

OSV: Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting (2022-09-15)
GHSA: Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting (2022-09-15)
CVEList: CVE-2022-37724: Project Wonder WebObjects 1 (2022-09-14)