Vulnerability Details : CVE-2022-4927
A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. The issue affects an unspecified part of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of a web link to an untrusted target with window.opener access (reverse tabnabbing). The attack may be initiated remotely. Upgrading to version 1.0.71 addresses this issue. The patch is named abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.
Products affected by CVE-2022-4927
- cpe:2.3:a:ualberta:neosdiscovery:1.0.70:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-4927
EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~45% (the proportion of vulnerabilities that are scored at or below this score)
EPSS Score History
CVSS scores for CVE-2022-4927
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | VulDB | |
5.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 2.1 | 3.4 | VulDB | |
5.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 2.1 | 3.4 | VulDB | 2024-02-29 |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2022-4927
- The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. Assigned by: nvd@nist.gov (Primary)
- The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property. Assigned by: cna@vuldb.com (Secondary)
References for CVE-2022-4927
- https://vuldb.com/?id.222287 (Permissions Required; login required)
- https://vuldb.com/?ctiid.222287 (Permissions Required; login required)
- https://github.com/ualbertalib/NEOSDiscovery/commit/abe9f57123e0c278ae190cd7402a623d66c51375 (Patch): Reverse Tabnabbing · ualbertalib/NEOSDiscovery@abe9f57 · GitHub
- https://github.com/ualbertalib/NEOSDiscovery/releases/tag/1.0.71 (Release Notes): Release Q4 2021 updates · ualbertalib/NEOSDiscovery · GitHub
- https://github.com/ualbertalib/NEOSDiscovery/pull/547 (Patch; Release Notes): Bump brakeman from 5.1.1 to 5.2.0 by dependabot[bot] · Pull Request #547 · ualbertalib/NEOSDiscovery · GitHub