SemanticDrilldown Extension XSS via printFilterLine GET Param
CVE-2022-4561 Published on December 16, 2022
SemanticDrilldown Extension GET Parameter SDBrowseDataPage.php printFilterLine cross site scripting
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964.
Vulnerability Analysis
CVE-2022-4561 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Improper Neutralization
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Products Associated with CVE-2022-4561
Want to know whenever a new CVE is published for MediaWiki Semantic Drilldown? stack.watch will email you.
Affected Versions
unspecified SemanticDrilldown Extension Version n/a is affected by CVE-2022-4561Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.