Cross-site Scripting in Ericsson CodeChecker

説明

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.

基本情報

タイプ
reviewed
深刻度
medium
GitHub 上のアドバイザリ
アドバイザリを開く ↗
リポジトリのアドバイザリ
ソースコード
ソースを見る ↗
公開(アドバイザリ)
2022-01-21 23:32:32 UTC
更新
2026-05-19 20:19:28 UTC
GitHub レビュー済み
2022-01-19 22:37:27 UTC
NVD で公開
2022-01-18

EPSS Score

Score Percentile
0.74% 72.51%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE id Name
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
pip codechecker < 6.18.2 6.18.2

References

cvelogic Threat Intelligence