← back
CVE-2022-4585

Opencaching Deutschland oc-server3 Cookie start.tpl cross site scripting

CVSS 3.5 LOWEPSS 0.5%CWE-707
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3. This affects an unknown part of the file htdocs/templates2/ocstyle/start.tpl of the component Cookie Handler. The manipulation of the argument usercountryCode leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is c720f2777a452186c67ef30db3679dd409556544. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216171.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected products
Opencaching Deutschland · oc-server3

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/OpencachingDeutschland/oc-server3/commit/c720f2777a452186c67ef30db3679dd409556544https://github.com/OpencachingDeutschland/oc-server3/pull/894https://vuldb.com/?id.216171