CVE-2022-3193

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-3193
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3193.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3193
Published
2022-09-28T19:15:09Z
Modified
2024-09-03T04:16:57.921893Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages.

References

Affected packages

Git / github.com/ovirt/ovirt-engine

Affected ranges

Type
GIT
Repo
https://github.com/ovirt/ovirt-engine
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

list

ovirt-engine-3.*

ovirt-engine-3.3-beta1
ovirt-engine-3.3_beta1
ovirt-engine-3.5.0_alpha1
ovirt-engine-3.5.0_alpha1.1
ovirt-engine-3.5.0_alpha2
ovirt-engine-3.5.0_beta1
ovirt-engine-3.6.0_alpha1
ovirt-engine-3.6.0_alpha1.1
ovirt-engine-3.6.0_alpha1.2
ovirt-engine-3.6.0_alpha2
ovirt-engine-3.6.0_alpha3
ovirt-engine-3.6.0_beta1
ovirt-engine-3.6.0_beta1.1
ovirt-engine-3.6.0_qa1
ovirt-engine-3.6.0_qa2
ovirt-engine-3.6.0_qa3
ovirt-engine-3.6.0_qa4

ovirt-engine-4.*

ovirt-engine-4.0.0_alpha1
ovirt-engine-4.0.0_beta1
ovirt-engine-4.1.0_beta1
ovirt-engine-4.2.0
ovirt-engine-4.2.0.1
ovirt-engine-4.2.0.2
ovirt-engine-4.2.0_beta1
ovirt-engine-4.2.0_beta2
ovirt-engine-4.2.0_test1
ovirt-engine-4.2.1
ovirt-engine-4.2.1.1
ovirt-engine-4.2.1.2
ovirt-engine-4.2.1.3
ovirt-engine-4.2.1.4
ovirt-engine-4.3.0
ovirt-engine-4.3.0_alpha
ovirt-engine-4.3.0_alpha2
ovirt-engine-4.3.0_rc
ovirt-engine-4.3.0_rc2