CVE-2022-4396
LOWpyrdfa3 < 3.6.2 - Cross-Site Scripting in _get_option Function
Title source: llmDescription
A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References (3)
Core 3
Core References
Patch, Third Party Advisory
https://github.com/RDFLib/pyrdfa3/commit/ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e
Issue Tracking, Patch, Third Party Advisory
https://github.com/RDFLib/pyrdfa3/pull/40
Third Party Advisory
https://vuldb.com/?id.215249
Scores
CVSS v3
3.5
EPSS
0.0056
EPSS Percentile
41.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-707
Status
published
Products (2)
pypi/pyRdfa3
0 - 3.6.2PyPI
pyrdfa3_project/pyrdfa3
Published
Dec 10, 2022
Tracked Since
Feb 18, 2026