CVE-2022-4731 LOW

CVE-2022-4731: myapnea Title cross site scripting

Vendor N/A
Product myapnea
Weakness CWE-79 · XSS
Published December 25, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

2.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Affected is an unknown function of the component Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 29.1.0 is able to address this issue. The name of the patch is 99934258530d761bd5d09809bfa6c14b598f8d18. It is recommended to upgrade the affected component. VDB-216750 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

December 25, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-1724 Simple Membership < 4.1.1 - Reflected Cross-Site Scripting CVE-2015-10118 cchetanonline WP-CopyProtect wp-copyprotect.php CopyProtect_options_page cross site scripting CVE-2025-10584 Portabilis i-Educar educar_calendario_anotacao_cad.php cross site scripting CVE-2026-3825 WellChoose|IFTOP - Reflected Cross-site Scripting CVE-2025-22286 WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.21 - Reflected Cross Site Scripting (XSS) vulnerability