CVE-2022-41905
HIGHwsgidav 3.0.0-4.0.9 - Cross-Site Scripting via Directory Browsing
Title source: llmDescription
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://github.com/mar10/wsgidav/commit/e9606ab0f42f4c1a6611bc3c52de299b0aba7726
Mitigation, Third Party Advisory
https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv
Scores
CVSS v3
8.2
EPSS
0.0034
EPSS Percentile
25.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (2)
pypi/wsgidav
3.0.0a1 - 4.1.0PyPI
wsgidav_project/wsgidav
3.0.0 - 4.1.0
Published
Nov 11, 2022
Tracked Since
Feb 18, 2026