Vulnerability Details CVE-2022-28919
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/splitbrain/dokuwiki/issues/3651
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E/
- https://github.com/splitbrain/dokuwiki/issues/3651
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E/
Products affected by CVE-2022-28919
-
cpe:2.3:a:dokuwiki:dokuwiki:2020-07-29
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36