What is CVE-2022-24710?

CVE-2022-24710 is a medium-severity vulnerability in Weblateorg Weblate, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2022-02-25.

How severe is CVE-2022-24710?

Medium severity. CVSS v3 base score is 5.4 out of 10.

XSS in Weblateorg Weblate

CVE-2022-24710

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cros…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (54.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Affected products

Weblateorg Weblate — versions < 4.11

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66 (x_refsource_CONFIRM)
github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389 (x_refsource_MISC)
github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1 (x_refsource_MISC)
github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-24710?: CVE-2022-24710 is a medium-severity vulnerability in Weblateorg Weblate, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2022-02-25.
How severe is CVE-2022-24710?: Medium severity. CVSS v3 base score is 5.4 out of 10.