CVE-2022-41905 HIGH

CVE-2022-41905: wsgidav is vulnerable to Cross-Site Scripting (XSS) when directory browsing is enabled

Vendor Mar10

Product wsgidav

Weakness CWE-79 · XSS

Published November 11, 2022

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.

Key dates

02Disclosure timeline

November 11, 2022 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41905 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2022-41905: wsgidav is vulnerable to Cross-Site Scripting (XSS) when directory browsing is enabled

01Description

02Disclosure timeline

03References

04Related CVE