CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41947

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated user to open the malicious file in a browser which would trigger the javascript code, resulting in a cross-site scripting (XSS) attack. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. Users unable to upgrade may add the following simple CSP rule in your web proxy to the vulnerable endpoints: `script-src 'none'`. This workaround will prevent all javascript from running on those endpoints.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.7%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2022-41947

Dhis2 » Dhis 2 » Version: 2.35.0

cpe:2.3:a:dhis2:dhis_2:2.35.0
Dhis2 » Dhis 2 » Version: 2.35.1

cpe:2.3:a:dhis2:dhis_2:2.35.1
Dhis2 » Dhis 2 » Version: 2.35.10

cpe:2.3:a:dhis2:dhis_2:2.35.10
Dhis2 » Dhis 2 » Version: 2.35.11

cpe:2.3:a:dhis2:dhis_2:2.35.11
Dhis2 » Dhis 2 » Version: 2.35.12

cpe:2.3:a:dhis2:dhis_2:2.35.12
Dhis2 » Dhis 2 » Version: 2.35.13

cpe:2.3:a:dhis2:dhis_2:2.35.13
Dhis2 » Dhis 2 » Version: 2.35.14

cpe:2.3:a:dhis2:dhis_2:2.35.14
Dhis2 » Dhis 2 » Version: 2.35.2

cpe:2.3:a:dhis2:dhis_2:2.35.2
Dhis2 » Dhis 2 » Version: 2.35.3

cpe:2.3:a:dhis2:dhis_2:2.35.3
Dhis2 » Dhis 2 » Version: 2.35.4

cpe:2.3:a:dhis2:dhis_2:2.35.4
Dhis2 » Dhis 2 » Version: 2.35.5

cpe:2.3:a:dhis2:dhis_2:2.35.5
Dhis2 » Dhis 2 » Version: 2.35.6

cpe:2.3:a:dhis2:dhis_2:2.35.6
Dhis2 » Dhis 2 » Version: 2.35.7

cpe:2.3:a:dhis2:dhis_2:2.35.7
Dhis2 » Dhis 2 » Version: 2.35.8

cpe:2.3:a:dhis2:dhis_2:2.35.8
Dhis2 » Dhis 2 » Version: 2.35.9

cpe:2.3:a:dhis2:dhis_2:2.35.9
Dhis2 » Dhis 2 » Version: 2.36.0

cpe:2.3:a:dhis2:dhis_2:2.36.0
Dhis2 » Dhis 2 » Version: 2.36.1

cpe:2.3:a:dhis2:dhis_2:2.36.1
Dhis2 » Dhis 2 » Version: 2.36.10

cpe:2.3:a:dhis2:dhis_2:2.36.10
Dhis2 » Dhis 2 » Version: 2.36.10.1

cpe:2.3:a:dhis2:dhis_2:2.36.10.1
Dhis2 » Dhis 2 » Version: 2.36.11

cpe:2.3:a:dhis2:dhis_2:2.36.11
Dhis2 » Dhis 2 » Version: 2.36.11.1

cpe:2.3:a:dhis2:dhis_2:2.36.11.1
Dhis2 » Dhis 2 » Version: 2.36.2

cpe:2.3:a:dhis2:dhis_2:2.36.2
Dhis2 » Dhis 2 » Version: 2.36.3

cpe:2.3:a:dhis2:dhis_2:2.36.3
Dhis2 » Dhis 2 » Version: 2.36.4

cpe:2.3:a:dhis2:dhis_2:2.36.4
Dhis2 » Dhis 2 » Version: 2.36.5

cpe:2.3:a:dhis2:dhis_2:2.36.5
Dhis2 » Dhis 2 » Version: 2.36.6

cpe:2.3:a:dhis2:dhis_2:2.36.6
Dhis2 » Dhis 2 » Version: 2.36.7

cpe:2.3:a:dhis2:dhis_2:2.36.7
Dhis2 » Dhis 2 » Version: 2.36.8

cpe:2.3:a:dhis2:dhis_2:2.36.8
Dhis2 » Dhis 2 » Version: 2.36.9

cpe:2.3:a:dhis2:dhis_2:2.36.9
Dhis2 » Dhis 2 » Version: 2.37.0

cpe:2.3:a:dhis2:dhis_2:2.37.0
Dhis2 » Dhis 2 » Version: 2.37.1

cpe:2.3:a:dhis2:dhis_2:2.37.1
Dhis2 » Dhis 2 » Version: 2.37.2

cpe:2.3:a:dhis2:dhis_2:2.37.2
Dhis2 » Dhis 2 » Version: 2.37.3

cpe:2.3:a:dhis2:dhis_2:2.37.3
Dhis2 » Dhis 2 » Version: 2.37.4

cpe:2.3:a:dhis2:dhis_2:2.37.4
Dhis2 » Dhis 2 » Version: 2.37.5

cpe:2.3:a:dhis2:dhis_2:2.37.5
Dhis2 » Dhis 2 » Version: 2.37.6

cpe:2.3:a:dhis2:dhis_2:2.37.6
Dhis2 » Dhis 2 » Version: 2.37.6.1

cpe:2.3:a:dhis2:dhis_2:2.37.6.1
Dhis2 » Dhis 2 » Version: 2.37.7

cpe:2.3:a:dhis2:dhis_2:2.37.7
Dhis2 » Dhis 2 » Version: 2.37.7.1

cpe:2.3:a:dhis2:dhis_2:2.37.7.1
Dhis2 » Dhis 2 » Version: 2.37.8

cpe:2.3:a:dhis2:dhis_2:2.37.8
Dhis2 » Dhis 2 » Version: 2.38.0

cpe:2.3:a:dhis2:dhis_2:2.38.0
Dhis2 » Dhis 2 » Version: 2.38.1

cpe:2.3:a:dhis2:dhis_2:2.38.1
Dhis2 » Dhis 2 » Version: 2.38.1.1

cpe:2.3:a:dhis2:dhis_2:2.38.1.1
Dhis2 » Dhis 2 » Version: 2.38.2

cpe:2.3:a:dhis2:dhis_2:2.38.2
Dhis2 » Dhis 2 » Version: 2.39.0

cpe:2.3:a:dhis2:dhis_2:2.39.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41947

Products

Pricing

Contact Us