Vulnerability Description
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Weblate | Weblate | < 4.11 |
Related Weaknesses (CWE)
References
- https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0PatchThird Party Advisory
- https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2PatchThird Party Advisory
- https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750aPatchThird Party Advisory
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66PatchThird Party Advisory
- https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0PatchThird Party Advisory
- https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2PatchThird Party Advisory
- https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750aPatchThird Party Advisory
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66PatchThird Party Advisory
FAQ
What is CVE-2022-24710?
CVE-2022-24710 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutra...
How severe is CVE-2022-24710?
CVE-2022-24710 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24710?
Check the references section above for vendor advisories and patch information. Affected products include: Weblate Weblate.