CVE-2022-41905

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41905

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41905.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41905

Aliases

Published

2022-11-11T00:00:00Z

Modified

2025-10-22T18:35:08.908404Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVSS Calculator

Summary

wsgidav is vulnerable to Cross-Site Scripting (XSS) when directory browsing is enabled

Details

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dir_browser.enable = False in the configuration.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/mar10/wsgidav

Affected ranges

Type: GIT
Repo: https://github.com/mar10/wsgidav
Events: Introduced

04b7ff73d62eb459a14f35731a7c5de311f06a9f

Fixed

749440bd8f943c97184e45f3b07fdce4a81bfd76

Affected versions

v3.*

v3.0.0

v3.0.0a1

v3.0.0a2

v3.0.0a3

v3.0.0a4

v3.0.0a5

v3.0.0a6

v3.0.0a7

v3.0.1

v3.0.2

v3.0.3

v3.0.5-a1

v3.0.5-a2

v3.0.5-a3

v3.1.0

v3.1.1

v4.*

v4.0.0

v4.0.0-a2

v4.0.1

v4.0.2