CVE-2022-1243 - OpenCVE

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Uri.js Project	Uri.js

Configuration 1 [-]

cpe:2.3:a:uri.js_project:uri.js:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae	Patch Third Party Advisory
https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7	Exploit Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-05T15:05:18

Updated: 2022-04-05T15:05:18

Reserved: 2022-04-05T00:00:00

Link: CVE-2022-1243

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-05T15:15:08.097

Modified: 2023-07-24T13:46:01.397

Link: CVE-2022-1243

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "medialize/uri.js", "vendor": "medialize", "versions": [{"lessThan": "1.19.11", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-05T15:05:18", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae"}], "source": {"advisory": "8c5afc47-1553-4eba-a98e-024e4cc3dfb7", "discovery": "EXTERNAL"}, "title": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1243", "STATE": "PUBLIC", "TITLE": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "medialize/uri.js", "version": {"version_data": [{"version_affected": "<", "version_value": "1.19.11"}]}}]}, "vendor_name": "medialize"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7"}, {"name": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae", "refsource": "MISC", "url": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae"}]}, "source": {"advisory": "8c5afc47-1553-4eba-a98e-024e4cc3dfb7", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1243", "datePublished": "2022-04-05T15:05:18", "dateReserved": "2022-04-05T00:00:00", "dateUpdated": "2022-04-05T15:05:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uri.js_project:uri.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCFE940B-2DE3-4D02-A96B-BF51B4B18ECD", "versionEndExcluding": "1.19.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11."}, {"lang": "es", "value": "CRHTLF puede conllevar a una extracci\u00f3n de protocolo no v\u00e1lida conllevando potencialmente a un ataque de tipo XSS en el repositorio de GitHub medialize/uri.js versiones anteriores a 1.19.11"}], "id": "CVE-2022-1243", "lastModified": "2023-07-24T13:46:01.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-05T15:15:08.097", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@huntr.dev", "type": "Secondary"}]}