@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown's output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability's page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1.
References
| Link | Resource |
|---|---|
| https://docs.dependencytrack.org/changelog/ | Release Notes Third Party Advisory |
| https://github.com/DependencyTrack/frontend/security/advisories/GHSA-c33w-pm52-mqvf | Third Party Advisory |
| https://github.com/showdownjs/showdown/wiki/Markdown%27s-XSS-Vulnerability-%28and-how-to-mitigate-it%29 | |
| https://docs.dependencytrack.org/changelog/ | Release Notes Third Party Advisory |
| https://github.com/DependencyTrack/frontend/security/advisories/GHSA-c33w-pm52-mqvf | Third Party Advisory |
| https://github.com/showdownjs/showdown/wiki/Markdown%27s-XSS-Vulnerability-%28and-how-to-mitigate-it%29 |
Configurations
History
21 Nov 2024, 07:18
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://docs.dependencytrack.org/changelog/ - Release Notes, Third Party Advisory | |
| References | () https://github.com/DependencyTrack/frontend/security/advisories/GHSA-c33w-pm52-mqvf - Third Party Advisory | |
| References | () https://github.com/showdownjs/showdown/wiki/Markdown%27s-XSS-Vulnerability-%28and-how-to-mitigate-it%29 - |
28 Oct 2022, 19:24
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| CWE | CWE-79 | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* | |
| CPE | cpe:2.3:a:owasp:dependency-track_frontend:*:*:*:*:*:*:*:* |
25 Oct 2022, 17:37
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-10-25 17:15
Updated : 2024-11-21 07:18
NVD link : CVE-2022-39350
Mitre link : CVE-2022-39350
CVE.ORG link : CVE-2022-39350
JSON object : View
Products Affected
owasp
- dependency-track_frontend
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')