CVE Vulnerability

CVE-2022-41905

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/mar10/wsgidav/commit/e9606ab0f42f4c1a6611bc3c52de299b0aba7726 Patch Third Party Advisory
https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv Mitigation Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:wsgidav_project:wsgidav:*:*:*:*:*:*:*:*
Information

Published : 2022-11-11 09:15

Updated : 2022-11-16 06:10

NVD link : CVE-2022-41905

Mitre link : CVE-2022-41905

Products Affected
No products.
CWE
CWE-79