Home > Vulnerability Database > CVE-2022-24710

Mend.io Vulnerability Database

CVE-2022-24710

Good to know:

Date: February 25, 2022

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic.

Language: Python

Severity Score

5.4

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24710

Url: https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389

Url: https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda

Url: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66

Url: https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1

Url: https://www.mend.io/vulnerability-database/CVE-2022-24710

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version Weblate - 4.11

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24710

Good to know:

Date: February 25, 2022

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?