CVE-2022-3941 · CVEKit

cve.orgen

410 chars

A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448.

NVDen

410 chars

A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448.

NVDes

454 chars

Una vulnerabilidad ha sido encontrada en Activity Log Plugin y clasificada como crítica. Código desconocido del componente HTTP Header Handler es afectado por esta vulnerabilidad. La manipulación del argumento X-Forwarded-For conduce a una neutralización de salida inadecuada para los registros. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-213448.

CVSS metrics across sources

4

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N