Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for carbon-registry by wso2

    CVE-2022-4521 (GCVE-0-2022-4521)

    Vulnerability from nvd – Published: 2022-12-15 00:00 – Updated: 2024-08-03 01:41
    VLAI
    Title
    WSO2 carbon-registry Request Parameter cross site scripting
    Summary
    A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability.
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    Impacted products
    Vendor Product Version
    WSO2 carbon-registry Affected: 4.8.0
    Affected: 4.8.1
    Affected: 4.8.2
    Affected: 4.8.3
    Affected: 4.8.4
    Affected: 4.8.5
    Affected: 4.8.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:45.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "technical-description",
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.215901"
              },
              {
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/pull/399"
              },
              {
                "tags": [
                  "mitigation",
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc"
              },
              {
                "tags": [
                  "mitigation",
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Request Parameter Handler"
              ],
              "product": "carbon-registry",
              "vendor": "WSO2",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.2"
                },
                {
                  "status": "affected",
                  "version": "4.8.3"
                },
                {
                  "status": "affected",
                  "version": "4.8.4"
                },
                {
                  "status": "affected",
                  "version": "4.8.5"
                },
                {
                  "status": "affected",
                  "version": "4.8.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in WSO2 carbon-registry bis 4.8.6 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Request Parameter Handler. Durch Manipulation des Arguments parentPath/path/username/path/profile_menu mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 4.8.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9f967abfde9317bee2cda469dbc09b57d539f2cc bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-24T21:17:24.949Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "technical-description",
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.215901"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/wso2/carbon-registry/pull/399"
            },
            {
              "tags": [
                "mitigation",
                "patch"
              ],
              "url": "https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.7"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-12-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2022-12-15T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2022-12-24T17:48:07.000Z",
              "value": "VulDB last update"
            }
          ],
          "title": "WSO2 carbon-registry Request Parameter cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-4521",
        "datePublished": "2022-12-15T00:00:00.000Z",
        "dateReserved": "2022-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:41:45.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4520 (GCVE-0-2022-4520)

    Vulnerability from nvd – Published: 2022-12-15 00:00 – Updated: 2025-04-15 13:03
    VLAI
    Title
    WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting
    Summary
    A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType/rightOp/leftOp/rightPropertyValue/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-707 - Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting
    Assigner
    Impacted products
    Vendor Product Version
    WSO2 carbon-registry Affected: 4.8.0
    Affected: 4.8.1
    Affected: 4.8.2
    Affected: 4.8.3
    Affected: 4.8.4
    Affected: 4.8.5
    Affected: 4.8.6
    Affected: 4.8.7
    Affected: 4.8.8
    Affected: 4.8.9
    Affected: 4.8.10
    Affected: 4.8.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:45.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/pull/404"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/commit/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.215900"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4520",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:54:59.733922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T13:03:58.576Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "carbon-registry",
              "vendor": "WSO2",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.2"
                },
                {
                  "status": "affected",
                  "version": "4.8.3"
                },
                {
                  "status": "affected",
                  "version": "4.8.4"
                },
                {
                  "status": "affected",
                  "version": "4.8.5"
                },
                {
                  "status": "affected",
                  "version": "4.8.6"
                },
                {
                  "status": "affected",
                  "version": "4.8.7"
                },
                {
                  "status": "affected",
                  "version": "4.8.8"
                },
                {
                  "status": "affected",
                  "version": "4.8.9"
                },
                {
                  "status": "affected",
                  "version": "4.8.10"
                },
                {
                  "status": "affected",
                  "version": "4.8.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType/rightOp/leftOp/rightPropertyValue/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-15T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://github.com/wso2/carbon-registry/pull/404"
            },
            {
              "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12"
            },
            {
              "url": "https://github.com/wso2/carbon-registry/commit/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4"
            },
            {
              "url": "https://vuldb.com/?id.215900"
            }
          ],
          "title": "WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting",
          "x_generator": "vuldb.com"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-4520",
        "datePublished": "2022-12-15T00:00:00.000Z",
        "dateReserved": "2022-12-15T00:00:00.000Z",
        "dateUpdated": "2025-04-15T13:03:58.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4520 (GCVE-0-2022-4520)

    Vulnerability from cvelistv5 – Published: 2022-12-15 00:00 – Updated: 2025-04-15 13:03
    VLAI
    Title
    WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting
    Summary
    A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType/rightOp/leftOp/rightPropertyValue/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-707 - Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting
    Assigner
    Impacted products
    Vendor Product Version
    WSO2 carbon-registry Affected: 4.8.0
    Affected: 4.8.1
    Affected: 4.8.2
    Affected: 4.8.3
    Affected: 4.8.4
    Affected: 4.8.5
    Affected: 4.8.6
    Affected: 4.8.7
    Affected: 4.8.8
    Affected: 4.8.9
    Affected: 4.8.10
    Affected: 4.8.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:45.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/pull/404"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/commit/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.215900"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4520",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:54:59.733922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T13:03:58.576Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "carbon-registry",
              "vendor": "WSO2",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.2"
                },
                {
                  "status": "affected",
                  "version": "4.8.3"
                },
                {
                  "status": "affected",
                  "version": "4.8.4"
                },
                {
                  "status": "affected",
                  "version": "4.8.5"
                },
                {
                  "status": "affected",
                  "version": "4.8.6"
                },
                {
                  "status": "affected",
                  "version": "4.8.7"
                },
                {
                  "status": "affected",
                  "version": "4.8.8"
                },
                {
                  "status": "affected",
                  "version": "4.8.9"
                },
                {
                  "status": "affected",
                  "version": "4.8.10"
                },
                {
                  "status": "affected",
                  "version": "4.8.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType/rightOp/leftOp/rightPropertyValue/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-15T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://github.com/wso2/carbon-registry/pull/404"
            },
            {
              "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12"
            },
            {
              "url": "https://github.com/wso2/carbon-registry/commit/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4"
            },
            {
              "url": "https://vuldb.com/?id.215900"
            }
          ],
          "title": "WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting",
          "x_generator": "vuldb.com"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-4520",
        "datePublished": "2022-12-15T00:00:00.000Z",
        "dateReserved": "2022-12-15T00:00:00.000Z",
        "dateUpdated": "2025-04-15T13:03:58.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4521 (GCVE-0-2022-4521)

    Vulnerability from cvelistv5 – Published: 2022-12-15 00:00 – Updated: 2024-08-03 01:41
    VLAI
    Title
    WSO2 carbon-registry Request Parameter cross site scripting
    Summary
    A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability.
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    Impacted products
    Vendor Product Version
    WSO2 carbon-registry Affected: 4.8.0
    Affected: 4.8.1
    Affected: 4.8.2
    Affected: 4.8.3
    Affected: 4.8.4
    Affected: 4.8.5
    Affected: 4.8.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:45.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "technical-description",
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.215901"
              },
              {
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/pull/399"
              },
              {
                "tags": [
                  "mitigation",
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc"
              },
              {
                "tags": [
                  "mitigation",
                  "x_transferred"
                ],
                "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Request Parameter Handler"
              ],
              "product": "carbon-registry",
              "vendor": "WSO2",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8.0"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.2"
                },
                {
                  "status": "affected",
                  "version": "4.8.3"
                },
                {
                  "status": "affected",
                  "version": "4.8.4"
                },
                {
                  "status": "affected",
                  "version": "4.8.5"
                },
                {
                  "status": "affected",
                  "version": "4.8.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.7 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in WSO2 carbon-registry bis 4.8.6 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Request Parameter Handler. Durch Manipulation des Arguments parentPath/path/username/path/profile_menu mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 4.8.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9f967abfde9317bee2cda469dbc09b57d539f2cc bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-24T21:17:24.949Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "technical-description",
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.215901"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/wso2/carbon-registry/pull/399"
            },
            {
              "tags": [
                "mitigation",
                "patch"
              ],
              "url": "https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.7"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-12-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2022-12-15T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2022-12-24T17:48:07.000Z",
              "value": "VulDB last update"
            }
          ],
          "title": "WSO2 carbon-registry Request Parameter cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-4521",
        "datePublished": "2022-12-15T00:00:00.000Z",
        "dateReserved": "2022-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:41:45.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }