cvelistv5 - CVE-2022-1588

CVE-2022-1588 (GCVE-0-2022-1588)

Vulnerability from cvelistv5

DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2022-05-23T15:30:10",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-1588",
    "datePublished": "2022-05-05T06:45:11",
    "dateRejected": "2022-05-23T15:30:10",
    "dateReserved": "2022-05-05T00:00:00",
    "dateUpdated": "2022-05-23T15:30:10",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-1588\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2022-05-05T07:15:16.597\",\"lastModified\":\"2023-11-07T03:42:01.640\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage\"}],\"metrics\":{},\"references\":[]}}"
  }
}

gsd-2022-1588

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.

Aliases

CVE-2022-1588

Aliases

CVE-2022-1588

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-1588",
    "description": "Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)",
    "id": "GSD-2022-1588",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2022-1588"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-1588"
      ],
      "details": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.",
      "id": "GSD-2022-1588",
      "modified": "2023-12-13T01:19:28.425855Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-1588",
        "STATE": "REJECT"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage."
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c4.13.3",
          "affected_versions": "All versions before 4.13.3",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-05-13",
          "description": "Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)",
          "fixed_versions": [
            "4.13.3"
          ],
          "identifier": "CVE-2022-1588",
          "identifiers": [
            "CVE-2022-1588"
          ],
          "not_impacted": "All versions starting from 4.13.3",
          "package_slug": "packagist/contao/core-bundle",
          "pubdate": "2022-05-05",
          "solution": "Upgrade to version 4.13.3 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-1588",
            "https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c",
            "https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80"
          ],
          "uuid": "14b6e47a-10b7-4940-b710-8fda82753384"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.13.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-1588"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c"
            },
            {
              "name": "https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2022-05-13T14:47Z",
      "publishedDate": "2022-05-05T07:15Z"
    }
  }
}

ghsa-fxxw-25rf-p8p4

Vulnerability from github

Published

2022-05-06 00:00

Modified

2022-05-14 00:03

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-1588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-05T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)",
  "id": "GHSA-fxxw-25rf-p8p4",
  "modified": "2022-05-14T00:03:27Z",
  "published": "2022-05-06T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1588"
    },
    {
      "type": "WEB",
      "url": "https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2022-36995

Vulnerability from cnvd

Title: Contao跨站脚本漏洞（CNVD-2022-36995）

Description:

Contao是一套采用PHP开发的开源内容管理系统（CMS）。该系统支持搜索引擎、权限管理和CSS框架等。

Contao 4.13.3之前版本存在跨站脚本漏洞，该漏洞源于应用缺少对于用户输入的验证。攻击者可以利用该漏洞在应用程序中执行恶意JavaScript代码。

Severity: 中

Patch Name: Contao跨站脚本漏洞（CNVD-2022-36995）的补丁

Patch Description:

Contao是一套采用PHP开发的开源内容管理系统（CMS）。该系统支持搜索引擎、权限管理和CSS框架等。

Contao 4.13.3之前版本存在跨站脚本漏洞，该漏洞源于应用缺少对于用户输入的验证。攻击者可以利用该漏洞在应用程序中执行恶意JavaScript代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-1588

Impacted products

Name
Contao Contao <4.13.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-1588",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-1588"
    }
  },
  "description": "Contao\u662f\u4e00\u5957\u91c7\u7528PHP\u5f00\u53d1\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u641c\u7d22\u5f15\u64ce\u3001\u6743\u9650\u7ba1\u7406\u548cCSS\u6846\u67b6\u7b49\u3002\n\nContao 4.13.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7f3a\u5c11\u5bf9\u4e8e\u7528\u6237\u8f93\u5165\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5e94\u7528\u7a0b\u5e8f\u4e2d\u6267\u884c\u6076\u610fJavaScript\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-36995",
  "openTime": "2022-05-13",
  "patchDescription": "Contao\u662f\u4e00\u5957\u91c7\u7528PHP\u5f00\u53d1\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u641c\u7d22\u5f15\u64ce\u3001\u6743\u9650\u7ba1\u7406\u548cCSS\u6846\u67b6\u7b49\u3002\r\n\r\nContao 4.13.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7f3a\u5c11\u5bf9\u4e8e\u7528\u6237\u8f93\u5165\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5e94\u7528\u7a0b\u5e8f\u4e2d\u6267\u884c\u6076\u610fJavaScript\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Contao\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-36995\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Contao Contao \u003c4.13.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-1588",
  "serverity": "\u4e2d",
  "submitTime": "2022-05-09",
  "title": "Contao\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-36995\uff09"
}

fkie_cve-2022-1588

Vulnerability from fkie_nvd

Published

2022-05-05 07:15

Modified

2023-11-07 03:42

Severity ?

Summary

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage

References

▼	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage"
    }
  ],
  "id": "CVE-2022-1588",
  "lastModified": "2023-11-07T03:42:01.640",
  "metrics": {},
  "published": "2022-05-05T07:15:16.597",
  "references": [],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Rejected"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-1588 (GCVE-0-2022-1588)

Vulnerability from cvelistv5

gsd-2022-1588

Vulnerability from gsd

ghsa-fxxw-25rf-p8p4

Vulnerability from github

cnvd-2022-36995

Vulnerability from cnvd

fkie_cve-2022-1588

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature