Home > Vulnerability Database > CVE-2022-41905

Mend.io Vulnerability Database

CVE-2022-41905

Good to know:

Date: November 10, 2022

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.

Language: Python

Severity Score

8.2

Related Resources (6)

Url: https://github.com/mar10/wsgidav/commit/e9606ab0f42f4c1a6611bc3c52de299b0aba7726

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41905

Url: https://github.com/mar10/wsgidav

Url: https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv

Url: https://github.com/pypa/advisory-database/tree/main/vulns/wsgidav/PYSEC-2022-43018.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2022-41905

Severity Score

8.2

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version wsgidav - 4.1.0

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41905

Good to know:

Date: November 10, 2022

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?