CVE-2022-21948: paste: XSS on the image upload function
First published: Tue Feb 07 2023(Updated: )
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE paste | <2011-12-05 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this issue is CVE-2022-21948.
What is the severity of CVE-2022-21948?
CVE-2022-21948 has a severity rating of medium (6.1).
How does CVE-2022-21948 affect openSUSE paste?
CVE-2022-21948 affects openSUSE paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions.
How can remote attackers exploit CVE-2022-21948?
Remote attackers can exploit CVE-2022-21948 by placing JavaScript into SVG files.
Is there a fix available for CVE-2022-21948?
The fix for CVE-2022-21948 is not specified in the provided information. Please refer to the provided reference for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/opensuse
- canonical/opensuse paste