VWE-2022-6401 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2022-6401
This page is a chapter in Info Known Vulnerabilities

This page has been seen 419 times.

- Created by
  pegasus
  on March 3, 2024
  
  Last updated by
  pegasus
  on March 4, 2024

Common Name None
VWE-ID VWE-2022-6401
Related Report None
Severity MEDIUM
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description HTML Injection. By leveraging a flaw in the cropping of overly-long WIKI BB-Code uses, a malicious user can modify the expected contents of HTML blocks outside the intended user-generated content locations.

Discovered February 2, 2022
Resolved March 5, 2022
Patches Available 4.1.4 Patch Level 1
4.1.3 Patch Level 3
4.1.2 Patch Level 6
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2022-6401
Related Report	None
Severity	MEDIUM
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML Injection. By leveraging a flaw in the cropping of overly-long WIKI BB-Code uses, a malicious user can modify the expected contents of HTML blocks outside the intended user-generated content locations.
Discovered	February 2, 2022
Resolved	March 5, 2022
Patches Available	4.1.4 Patch Level 1 4.1.3 Patch Level 3 4.1.2 Patch Level 6