CVE-2022-4587

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-4587

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4587.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4587

Published

2022-12-17T13:15:09Z

Modified

2025-10-21T07:15:46.073945Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs/templates2/ocstyle/login.tpl of the component Login Page. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3296ebd61e7fe49e93b5755d5d7766d6e94a7667. It is recommended to apply a patch to fix this issue. The identifier VDB-216173 was assigned to this vulnerability.

References

Affected packages

Git / github.com/opencachingdeutschland/oc-server3

Affected ranges

Type: GIT
Repo: https://github.com/opencachingdeutschland/oc-server3
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3296ebd61e7fe49e93b5755d5d7766d6e94a7667

Affected versions

3.*

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

Other

pre_symfony_update

v3.*

v3.0.0

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.13

v3.0.15

v3.0.16

v3.0.18

v3.0.19

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9