CVE-2022-48197

high-risk

Published 2023-01-02

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Do I need to act?

!

36.7% chance of exploitation in next 30 days

EPSS score — higher than 63% of all CVEs

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

!

1 public exploit available

51198

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Yui

Affected Vendors

Yui Project

References (12)

http://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-...

https://github.com/ryan412/CVE-2022-48197

Third Party Advisory https://github.com/ryan412/CVE-2022-48197/blob/main/README.md

https://github.com/yui/yui2/blob/yui2-2.8.2-8/sandbox/treeview/inc-rightbar.php

Third Party Advisory https://github.com/yui/yui2/tags

https://literatejava.com/security/is-it-really-a-cve-reported-xss-in-yui-2-8-2/

http://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-...

https://github.com/ryan412/CVE-2022-48197

Third Party Advisory https://github.com/ryan412/CVE-2022-48197/blob/main/README.md

https://github.com/yui/yui2/blob/yui2-2.8.2-8/sandbox/treeview/inc-rightbar.php

Third Party Advisory https://github.com/yui/yui2/tags

https://literatejava.com/security/is-it-really-a-cve-reported-xss-in-yui-2-8-2/

51

/ 100

high-risk

Severity 23/34 · High

Exploitability 23/34 · High

Exposure 5/34 · Minimal