CVE-2022-4902 LOW

CVE-2022-4902: eXo Chat Application Mention ExoChatMessageComposer.vue cross site scripting

Vendor Exo
Product Chat Application
Weakness CWE-79 · XSS
Published February 6, 2023
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.3.0-20220417 is able to address this issue. The name of the patch is 26bf307d3658d1403cfd5c3ad423ce4c4d1cb2dc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220212.

Key dates

02Disclosure timeline

February 6, 2023 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-43716 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE CVE-2025-24416 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-29104 WordPress Ticket Tailor plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability CVE-2025-22759 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability