Cross-site Scripting in Ericsson CodeChecker

CVE-2021-44217 → View on GitHub ↗ View on CVE.org ↗ View on NVD ↗

Description

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.

Basic information

Type: reviewed
Severity: medium
Advisory on GitHub: Open advisory ↗
Repository advisory: —
Source code: Browse source ↗
Published (advisory): 2022-01-21 23:32:32 UTC
Updated: 2026-05-19 20:19:28 UTC
GitHub reviewed: 2022-01-19 22:37:27 UTC
NVD published: 2022-01-18

EPSS Score

Score	Percentile
0.74%	72.51%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Type	Value
GHSA	GHSA-fxmx-pfm2-85m2 ↗
CVE	CVE-2021-44217 ↗

CWEs

CWE id	Name
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem	Package	Vulnerable range	First patched	Vulnerable functions
pip	codechecker	< 6.18.2	6.18.2	—

References

cvelogic Threat Intelligence