CVE-2022-4513

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-4513
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4513.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4513
Published
2022-12-15T20:15:10Z
Modified
2025-10-21T07:15:19.454683Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A vulnerability classified as problematic has been found in European Environment Agency eionet.contreg. The affected processing is unknown. Manipulating the argument searchTag/resourceUri leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 addresses this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability.

References

Affected packages

Git / github.com/eea/eionet.contreg

Affected ranges

Type
GIT
Repo
https://github.com/eea/eionet.contreg
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed
Fixed

Affected versions

Other

2021-08-10T0913
2021-10-18T1514
2021-12-06T1417
2021-12-15T1157
2021-12-20T1143
2022-01-14T1523
2022-04-14T1147
2022-05-24T1407

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "291766690054689174007335976283353075022",
            "length": 61.0
        },
        "target": {
            "function": "setUri",
            "file": "src/main/java/eionet/cr/web/action/factsheet/FactsheetActionBean.java"
        },
        "source": "https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6",
        "signature_type": "Function",
        "id": "CVE-2022-4513-3ddb2cb2"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "109716919426651240874763354902061270573",
                "50971795767043370246865493425822085841",
                "43705636024550604102539654960742358331",
                "115573468973361860569008290543740021383"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/main/java/eionet/cr/web/action/factsheet/FactsheetActionBean.java"
        },
        "source": "https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6",
        "signature_type": "Line",
        "id": "CVE-2022-4513-77ed2ea6"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "44009963968453302676748712366949947276",
                "331551094413578595634944611216908208772",
                "201387197250488008082750346311107453299",
                "72858227104987213436395399215477680001",
                "40829780042211735530104363448623988551",
                "288130195056198940585807537526708082867",
                "174456401461637494251451368174855139381",
                "271310014619308501437625874547082334968"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/main/java/eionet/cr/web/action/TagSearchActionBean.java"
        },
        "source": "https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6",
        "signature_type": "Line",
        "id": "CVE-2022-4513-7a450272"
    }
]