{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4638", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2025-04-14T17:27:52.132Z", "dateReserved": "2022-12-21T00:00:00.000Z", "datePublished": "2022-12-21T00:00:00.000Z"}, "containers": {"cna": {"title": "collective.contact.widget widgets.py title cross site scripting", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-21T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496."}], "affected": [{"vendor": "unspecified", "product": "collective.contact.widget", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1", "status": "affected"}, {"version": "1.2", "status": "affected"}, {"version": "1.3", "status": "affected"}, {"version": "1.4", "status": "affected"}, {"version": "1.5", "status": "affected"}, {"version": "1.6", "status": "affected"}, {"version": "1.7", "status": "affected"}, {"version": "1.8", "status": "affected"}, {"version": "1.9", "status": "affected"}, {"version": "1.10", "status": "affected"}, {"version": "1.11", "status": "affected"}, {"version": "1.12", "status": "affected"}]}], "references": [{"url": "https://github.com/collective/collective.contact.widget/commit/5da36305ca7ed433782be8901c47387406fcda12"}, {"url": "https://vuldb.com/?id.216496"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting", "cweId": "CWE-707"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.567Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/collective/collective.contact.widget/commit/5da36305ca7ed433782be8901c47387406fcda12", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.216496", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T16:59:41.880300Z", "id": "CVE-2022-4638", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T17:27:52.132Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/collective/collective.contact.widget/commit/5da36305ca7ed433782be8901c47387406fcda12", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.216496", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.567Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4638", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T16:59:41.880300Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T16:59:43.408Z"}}], "cna": {"title": "collective.contact.widget widgets.py title cross site scripting", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "unspecified", "product": "collective.contact.widget", "versions": [{"status": "affected", "version": "1.0"}, {"status": "affected", "version": "1.1"}, {"status": "affected", "version": "1.2"}, {"status": "affected", "version": "1.3"}, {"status": "affected", "version": "1.4"}, {"status": "affected", "version": "1.5"}, {"status": "affected", "version": "1.6"}, {"status": "affected", "version": "1.7"}, {"status": "affected", "version": "1.8"}, {"status": "affected", "version": "1.9"}, {"status": "affected", "version": "1.10"}, {"status": "affected", "version": "1.11"}, {"status": "affected", "version": "1.12"}]}], "references": [{"url": "https://github.com/collective/collective.contact.widget/commit/5da36305ca7ed433782be8901c47387406fcda12"}, {"url": "https://vuldb.com/?id.216496"}], "x_generator": "vuldb.com", "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-707", "description": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-21T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4638", "state": "PUBLISHED", "dateUpdated": "2025-04-14T17:27:52.132Z", "dateReserved": "2022-12-21T00:00:00.000Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2022-12-21T00:00:00.000Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:collective.contact.widget_project:collective.contact.widget:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE474E9B-FD4F-4AC8-A4B3-BDAF85499E35", "versionEndExcluding": "1.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en collective.contact.widget hasta 1.12 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n title del archivo src/collective/contact/widget/widgets.py. La manipulaci\u00f3n conduce a Cross-Site Scripting. El ataque se puede iniciar de forma remota. El nombre del parche es 5da36305ca7ed433782be8901c47387406fcda12. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-216496."}], "id": "CVE-2022-4638", "lastModified": "2024-11-21T07:35:38.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-21T22:15:08.570", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/collective/collective.contact.widget/commit/5da36305ca7ed433782be8901c47387406fcda12"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.216496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/collective/collective.contact.widget/commit/5da36305ca7ed433782be8901c47387406fcda12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.216496"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-707"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}