Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-42466

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.

Published

2022-10-19T08:15:11.340

Last Modified

2025-05-08T20:15:22.127

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	isis	< 2.0.0	Yes
Application	apache	isis	2.0.0	Yes
Application	apache	isis	2.0.0	Yes
Application	apache	isis	2.0.0	Yes
Application	apache	isis	2.0.0	Yes
Application	apache	isis	2.0.0	Yes
Application	apache	isis	2.0.0	Yes
Application	apache	isis	2.0.0	Yes
Application	apache	isis	2.0.0	Yes

References

http://www.openwall.com/lists/oss-security/2022/10/19/2 Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread/83ftj5jgtv3mbm28w3trjyvd591jztrz Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/10/19/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/83ftj5jgtv3mbm28w3trjyvd591jztrz Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)