Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Traffic Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-40743)

Description

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.

Remediation

References

Related Vulnerabilities

WordPress Plugin ThemeGrill Demo Importer Cross-Site Request Forgery (1.6.2)

WordPress Plugin SPNbabble Cross-Site Request Forgery (1.4.1)

WordPress Plugin Floating Social Bar Cross-Site Scripting (1.1.5)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1615)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0113)

Severity

Medium

Classification

CVE-2022-40743 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities