CVE-2022-42466

CVE-2022-42466: XSS vulnerability, eg for String properties.

Vendor Apache Software Foundation

Product Apache Isis

Weakness CWE-79 · XSS

Published October 19, 2022

Last update May 8, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.

Key dates

02Disclosure timeline

October 19, 2022 CVE published

May 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-42466 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-40211 WordPress GiveWP plugin <= 2.25.1 - Cross Site Scripting (XSS) via render_dropdown vulnerability CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability CVE-2024-11387 Easy Liveblogs <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-5970 PHPGurukul Restaurant Table Booking System add-subadmin.php cross site scripting CVE-2024-36371