Vulnerability Description
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI JavaScript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yui Project | Yui | >= 2000, <= 2800 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-
- https://github.com/ryan412/CVE-2022-48197
- https://github.com/ryan412/CVE-2022-48197/blob/main/README.md (Third Party Advisory)
- https://github.com/yui/yui2/blob/yui2-2.8.2-8/sandbox/treeview/inc-rightbar.php
- https://github.com/yui/yui2/tags (Third Party Advisory)
- https://literatejava.com/security/is-it-really-a-cve-reported-xss-in-yui-2-8-2/
FAQ
What is CVE-2022-48197?
CVE-2022-48197 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI JavaScript library overall are not affected. NOTE: Th...
How severe is CVE-2022-48197?
CVE-2022-48197 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-48197?
Check the references section above for vendor advisories and patch information. Affected products include: Yui Project Yui.