CVE-2022-4882

Summary

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.92.rc1 is able to address this issue. The name of the patch is 4f11b6f6610acd6d89de5f8be47cf7c610643845. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217664.

Affected Software

VendorProductVersion RangeStatus
kalturamwEmbed2.0affected
kalturamwEmbed2.1affected
kalturamwEmbed2.2affected
kalturamwEmbed2.3affected
kalturamwEmbed2.4affected
kalturamwEmbed2.5affected
kalturamwEmbed2.6affected
kalturamwEmbed2.7affected
kalturamwEmbed2.8affected
kalturamwEmbed2.9affected
kalturamwEmbed2.10affected
kalturamwEmbed2.11affected
kalturamwEmbed2.12affected
kalturamwEmbed2.13affected
kalturamwEmbed2.14affected
kalturamwEmbed2.15affected
kalturamwEmbed2.16affected
kalturamwEmbed2.17affected
kalturamwEmbed2.18affected
kalturamwEmbed2.19affected
kalturamwEmbed2.20affected
kalturamwEmbed2.21affected
kalturamwEmbed2.22affected
kalturamwEmbed2.23affected
kalturamwEmbed2.24affected
kalturamwEmbed2.25affected
kalturamwEmbed2.26affected
kalturamwEmbed2.27affected
kalturamwEmbed2.28affected
kalturamwEmbed2.29affected
kalturamwEmbed2.30affected
kalturamwEmbed2.31affected
kalturamwEmbed2.32affected
kalturamwEmbed2.33affected
kalturamwEmbed2.34affected
kalturamwEmbed2.35affected
kalturamwEmbed2.36affected
kalturamwEmbed2.37affected
kalturamwEmbed2.38affected
kalturamwEmbed2.39affected
kalturamwEmbed2.40affected
kalturamwEmbed2.41affected
kalturamwEmbed2.42affected
kalturamwEmbed2.43affected
kalturamwEmbed2.44affected
kalturamwEmbed2.45affected
kalturamwEmbed2.46affected
kalturamwEmbed2.47affected
kalturamwEmbed2.48affected
kalturamwEmbed2.49affected
kalturamwEmbed2.50affected
kalturamwEmbed2.51affected
kalturamwEmbed2.52affected
kalturamwEmbed2.53affected
kalturamwEmbed2.54affected
kalturamwEmbed2.55affected
kalturamwEmbed2.56affected
kalturamwEmbed2.57affected
kalturamwEmbed2.58affected
kalturamwEmbed2.59affected
kalturamwEmbed2.60affected
kalturamwEmbed2.61affected
kalturamwEmbed2.62affected
kalturamwEmbed2.63affected
kalturamwEmbed2.64affected
kalturamwEmbed2.65affected
kalturamwEmbed2.66affected
kalturamwEmbed2.67affected
kalturamwEmbed2.68affected
kalturamwEmbed2.69affected
kalturamwEmbed2.70affected
kalturamwEmbed2.71affected
kalturamwEmbed2.72affected
kalturamwEmbed2.73affected
kalturamwEmbed2.74affected
kalturamwEmbed2.75affected
kalturamwEmbed2.76affected
kalturamwEmbed2.77affected
kalturamwEmbed2.78affected
kalturamwEmbed2.79affected
kalturamwEmbed2.80affected
kalturamwEmbed2.81affected
kalturamwEmbed2.82affected
kalturamwEmbed2.83affected
kalturamwEmbed2.84affected
kalturamwEmbed2.85affected
kalturamwEmbed2.86affected
kalturamwEmbed2.87affected
kalturamwEmbed2.88affected
kalturamwEmbed2.89affected
kalturamwEmbed2.90affected
kalturamwEmbed2.91affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References