QwikSec

Security Database

CVE

CWE

Training

CVE-2022-24710

Published: Feb 25, 2022

Modified: Apr 23, 2025

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic.

Vendor	Product	Versions
WeblateOrg	weblate	affected `< 4.11`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66

x_refsource_CONFIRM

https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389

x_refsource_MISC

https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1

x_refsource_MISC

https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.