Vulnerability Details CVE-2022-41905
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.4%
CVSS Severity
CVSS v3 Score 8.2
References
- https://github.com/mar10/wsgidav/commit/e9606ab0f42f4c1a6611bc3c52de299b0aba7726
- https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv
- https://github.com/mar10/wsgidav/commit/e9606ab0f42f4c1a6611bc3c52de299b0aba7726
- https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv
Products affected by CVE-2022-41905
-
cpe:2.3:a:wsgidav_project:wsgidav:3.0.0
-
cpe:2.3:a:wsgidav_project:wsgidav:3.0.1
-
cpe:2.3:a:wsgidav_project:wsgidav:3.0.2
-
cpe:2.3:a:wsgidav_project:wsgidav:3.0.3
-
cpe:2.3:a:wsgidav_project:wsgidav:3.0.5
-
cpe:2.3:a:wsgidav_project:wsgidav:3.1.0
-
cpe:2.3:a:wsgidav_project:wsgidav:3.1.1
-
cpe:2.3:a:wsgidav_project:wsgidav:4.0.0
-
cpe:2.3:a:wsgidav_project:wsgidav:4.0.1
-
cpe:2.3:a:wsgidav_project:wsgidav:4.0.2