Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter.
References
| Link | Resource |
|---|---|
| https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a | Release Notes Third Party Advisory |
| https://hubzilla.org/channel/hubzilla/ | Release Notes Vendor Advisory |
Configurations
History
21 Apr 2022, 20:45
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
| References | (MISC) https://hubzilla.org/channel/hubzilla/ - Release Notes, Vendor Advisory | |
| References | (MISC) https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a - Release Notes, Third Party Advisory | |
| CWE | CWE-79 | |
| CPE | cpe:2.3:a:hubzilla:hubzilla:7.0.3:*:*:*:*:*:*:* |
15 Apr 2022, 16:28
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-15 16:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-27258
Mitre link : CVE-2022-27258
CVE.ORG link : CVE-2022-27258
JSON object : View
Products Affected
hubzilla
- hubzilla
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')