Vulnerability Details CVE-2022-39398
tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting (XSS) - Create XSS in task content (when add it). This issue is patched in version 2.0.3. There are no known workarounds.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.3%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/InfotelGLPI/tasklists/commit/4a1b30f3d9fa764695f98ce011c8542772530d47
- https://github.com/InfotelGLPI/tasklists/security/advisories/GHSA-3qv3-8393-777q
- https://github.com/InfotelGLPI/tasklists/commit/4a1b30f3d9fa764695f98ce011c8542772530d47
- https://github.com/InfotelGLPI/tasklists/security/advisories/GHSA-3qv3-8393-777q
Products affected by CVE-2022-39398
-
cpe:2.3:a:infotel:tasklists:1.0.0
-
cpe:2.3:a:infotel:tasklists:1.1.0
-
cpe:2.3:a:infotel:tasklists:1.2.0
-
cpe:2.3:a:infotel:tasklists:1.3.0
-
cpe:2.3:a:infotel:tasklists:1.3.1
-
cpe:2.3:a:infotel:tasklists:1.4.0
-
cpe:2.3:a:infotel:tasklists:1.4.1
-
cpe:2.3:a:infotel:tasklists:1.4.2
-
cpe:2.3:a:infotel:tasklists:1.5.0
-
cpe:2.3:a:infotel:tasklists:1.5.1
-
cpe:2.3:a:infotel:tasklists:1.6.0
-
cpe:2.3:a:infotel:tasklists:1.6.1
-
cpe:2.3:a:infotel:tasklists:1.6.2
-
cpe:2.3:a:infotel:tasklists:2.0.0
-
cpe:2.3:a:infotel:tasklists:2.0.1
-
cpe:2.3:a:infotel:tasklists:2.0.2