CVE-2022-25276

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25276

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25276.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-25276

Aliases

Related

UBUNTU-CVE-2022-25276

Published

2023-04-26T15:15:08Z

Modified

2024-09-03T04:13:07.590191Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.

References

https://www.drupal.org/sa-core-2022-015

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

698ee686c23de8c97d7e0601cf745b220d54f4e1

Fixed

32680a4aef16035fd6c90014761dcad8de628120

Affected versions

9.*

9.3.0

9.3.10

9.3.11

9.3.12

9.3.13

9.3.14

9.3.15

9.3.16

9.3.17

9.3.18

9.3.2

9.3.3

9.3.4

9.3.5

9.3.6

9.3.7

9.3.8

9.3.9