CVE-2022-41905

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-41905

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41905.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41905

Aliases

Published

2022-11-11T00:00:00Z

Modified

2026-03-03T02:45:24.232213Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVSS Calculator

Summary

wsgidav is vulnerable to Cross-Site Scripting (XSS) when directory browsing is enabled

Details

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dir_browser.enable = False in the configuration.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41905.json"
}

References

Affected packages

Git / github.com/mar10/wsgidav

Affected ranges

Type: GIT
Repo: https://github.com/mar10/wsgidav
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e9606ab0f42f4c1a6611bc3c52de299b0aba7726

Introduced

c315accf76af47d2ad482df6cce7f68601be1015

Fixed

e9606ab0f42f4c1a6611bc3c52de299b0aba7726

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.5-a1

v3.0.5-a2

v3.0.5-a3

v3.1.0

v3.1.1

v4.*

v4.0.0

v4.0.0-a2

v4.0.1

v4.0.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41905.json"