CVE-2022-4728

Graphite Web Cookie cross site scripting

CVSS 3.5 LOWEPSS 0.8%CWE-707

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Dec 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Affected products

Graphite · Web

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 https://github.com/graphite-project/graphite-web/issues/2744 https://github.com/graphite-project/graphite-web/pull/2785 https://vuldb.com/?id.216742