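A vulnerability classified as problematic was found in sanluan PublicCMS. It affects the function initLink in the file dwz.min.js of the Tab Handler component. The manipulation leads to cross-site scripting (XSS). The attack can be launched remotely. The patch is named a972dc9b1c94aea2d84478bf26283904c21e4ca2. Applying the patch is recommended to fix this issue. The identifier of this vulnerability is VDB-213456. Note: the signature records that follow cite commit 55bd211118c4d15c8fec40653f64e69af971df25 and target Java files in the publiccms-trade module rather than dwz.min.js, so confirm that they correspond to the named patch before relying on them for matching.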
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3950.json"
[
{
"signature_type": "Line",
"source": "https://github.com/sanluan/publiccms/commit/55bd211118c4d15c8fec40653f64e69af971df25",
"id": "CVE-2022-3950-39c11435",
"deprecated": false,
"target": {
"file": "publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/component/paymentgateway/WechatGatewayComponent.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"155681381663850741566644829577359853396",
"186438113003641927941077460479681782790",
"109270784050928739913702843366405568843",
"282925968043335026571289795180346172854",
"257167961453780289953089239683157274655",
"315282065808508944075098391236026669684",
"154617572226124905957306294387979501848",
"26385198169500658876631783378641631934",
"94730495439801449637214468905159288109",
"183879127327186661089020136297838229735",
"119048300649836436047684710949085825851",
"276902353523523890109287176640296987929",
"122349690119292273781458739241843079011",
"149403604538149653496012361720340040868",
"290751258029683475928033567559955494847",
"40039723491414116865480753675163744977",
"187190230533589055800834368057820121892",
"139757494958338973831989344439763577054",
"15555553127740318817999318460274128604",
"314324046959757927481595794513837160927",
"90556685228672799915555046160125671990",
"323784928389309579266685826243963452862",
"47556057687050172481380060630233564276",
"43147256635353479352434496891002106241",
"167870753967820542537792862864463981031",
"121835287278472098227319747786147468647",
"219293233939690744615825424319457883935",
"195213973543389807008658999622887104482",
"334461846709717149236789681694012926871",
"92250478546156948419446652839565860853",
"241801820521860248226705587271094153723",
"211983373597410183096068023475203257769",
"217526647126041904395549320514881094504",
"44558252900203371361734257434600889504",
"100809272408415366292558909461224162991",
"161046930489366053227264835488542770678",
"273374492893914301833501174011007708531",
"193410550010896152329848088932663585153",
"42997576029913097004154430018041184773",
"273038934634869041583920411893246075339",
"203276367277848937298349518281968120999",
"71268914736011087185151775328450383966",
"331599354427403874800740426029189723786",
"24505208231312200431950031090484021002",
"155681381663850741566644829577359853396",
"32922676578471167217568861830082647036",
"51732193525384337102055725022983097108",
"317353073215459809937754706298611606634",
"297822871494129983841853372070165635015",
"159853079866462381844003338722430301115",
"174338080597070064710555081325707613400",
"80088916315407950156696320519990906744",
"262804083386493422911312644158392510456",
"179754571269403589666665736521702304567",
"170207110657049732363855084586596559700",
"285939083095781287580116447140029840730",
"49649835291455199241359592435512385468",
"111498635198316491295367208330375802558",
"87299137765132677138136890506964016038",
"10339365739868058254513313758300098742",
"241430374954907895871991323739092693941",
"16271435629428407800370225847608967341",
"276809760130994371734768421629550638380",
"175210656907071865215735595173913773220",
"181334505787450290496301379688389838562",
"160280312478380710531774852489833737476",
"215139863516771141803374331094605598466",
"178635563130210226180720150905121090791",
"182834276016060047484441765216718375875",
"91215559361378749652972617152959802863",
"194918735337796358834549427112547460433",
"100586552108645409713392507349718821091",
"175418866317677008445333315512791432751",
"76805073577764387038042157982476359910",
"308698408644411430329549738328570779990",
"279739786301825124710409661487800493787",
"320164438095190129827675013424924308662",
"290757810422622480651346550669524240299",
"18939020680052808953691395823665533135",
"163459245421278856176190373667126561199",
"141811467886644298544232435278955593086",
"133169065390655706653275320517061442992",
"239056299203300448727554647322979377051",
"65580496865992976274821326938245887279",
"273670833687667675546660769684736269508",
"222359186283788851239484315529118678549",
"280360407366783617358481232622393175799",
"70282893231917375004879876833940707646",
"138507935644161979239717225113849530516",
"237914534764550700992390240962439957423",
"13567290749390991024942800639347948971",
"119762693728795513957638896783864759650",
"19569542759853774926627419914226887701",
"3330704500561716218208033014712863539"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"source": "https://github.com/sanluan/publiccms/commit/55bd211118c4d15c8fec40653f64e69af971df25",
"id": "CVE-2022-3950-aa82f073",
"deprecated": false,
"target": {
"file": "publiccms-parent/publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradePaymentController.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"329431262006797924171345123168290787514",
"116561917763389673647720596266623396228",
"24417923833327871893235827968412266755",
"243241912956311022482287742155681464317",
"254525780436993097913185760109225674062",
"132162588096721216041524041430997369230",
"57080478656679870005744579580947250800",
"201947354857680769750898439509589118908",
"167390220294861572363064543008136096861",
"280378841384382074265820887454436099716",
"95391091057830396940047993906165756498",
"11328414378941232988421408064290640175"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"source": "https://github.com/sanluan/publiccms/commit/55bd211118c4d15c8fec40653f64e69af971df25",
"id": "CVE-2022-3950-ad6a03c1",
"deprecated": false,
"target": {
"function": "pay",
"file": "publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/component/paymentgateway/WechatGatewayComponent.java"
},
"signature_version": "v1",
"digest": {
"length": 3230.0,
"function_hash": "64938515874538232362223589953253148716"
}
},
{
"signature_type": "Function",
"source": "https://github.com/sanluan/publiccms/commit/55bd211118c4d15c8fec40653f64e69af971df25",
"id": "CVE-2022-3950-c8621137",
"deprecated": false,
"target": {
"function": "notifyAlipay",
"file": "publiccms-parent/publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradePaymentController.java"
},
"signature_version": "v1",
"digest": {
"length": 1553.0,
"function_hash": "61790576677004999198561036890459182004"
}
},
{
"signature_type": "Function",
"source": "https://github.com/sanluan/publiccms/commit/55bd211118c4d15c8fec40653f64e69af971df25",
"id": "CVE-2022-3950-fab349e9",
"deprecated": false,
"target": {
"function": "refund",
"file": "publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/component/paymentgateway/WechatGatewayComponent.java"
},
"signature_version": "v1",
"digest": {
"length": 3828.0,
"function_hash": "30777741329119887498689587612785265741"
}
}
]