CVE-2022-4942 LOW

CVE-2022-4942: mportuga eslint-detailed-reporter template-generator.js renderIssue cross site scripting

Vendor Mportuga
Product eslint-detailed-reporter
Weakness CWE-79 · XSS
Published April 20, 2023
Last update August 3, 2024

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The patch is identified as 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

April 20, 2023 CVE published
August 3, 2024 Record updated