Subscribe
CVE: CVE-2022-30278
Severity: High (7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L)
First Published: May 9, 2022
Last Updated: May 9, 2022
Summary
A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack.
The vulnerability is due to improper validation of user-supplied input to MadCap Flare’s framework embedded within Black Duck Hub’s help documentation. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface, letting the attacker conduct cross-site scripting attacks and gain access to sensitive browser-based information.
CVE-2022-30278 was addressed in the 2022.4.0 version of Black Duck Hub that was released on April 28, 2022, and can be found here: https://github.com/blackducksoftware/hub/releases/tag/v2022.4.0
Remediation
If your installation is hosted by Black Duck Hub, it was automatically patched during emergency maintenance without downtime on May 5, 2022.
If you are using an installation that is not hosted by Black Duck, you are advised to upgrade to the latest version as soon as possible. If you’re unable to do this for any reason, please submit a support case via https://community.blackduck.com/s/contactsupport
Continue Reading
A new identity for the Synopsys Software Integrity Group
Aug 12, 2024 / 2 min read
CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service
Jun 04, 2024 / 1 min read
CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application
May 27, 2024 / 1 min read