Description
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.
Remediation
References
https://github.com/Graylog2/graylog2-server/pull/4904
https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6