CVE-2022-4882 LOW

CVE-2022-4882: kaltura mwEmbed Share Plugin share.js cross site scripting

Vendor Kaltura
Product mwEmbed
Weakness CWE-79 · XSS
Published January 9, 2023
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

2.6/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.92.rc1 is able to address this issue. The name of the patch is 4f11b6f6610acd6d89de5f8be47cf7c610643845. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217664.

Key dates

02Disclosure timeline

January 9, 2023 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-30955 WordPress ListingEasy theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-21080 Adobe Connect Reflected Cross-site Scripting via query parameter CVE-2026-43939 YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers CVE-2024-29907 WordPress SEO Backlink Monitor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-1536 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar