{"id":"CVE-2022-30278","details":"A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub's Help Documentation to supply content. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information.","modified":"2026-07-08T06:01:48.235075043Z","published":"2022-05-10T19:47:30Z","database_specific":{"cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30278.json","cna_assigner":"SNPS","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"2022.4.0"}]}]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30278.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30278"},{"type":"ADVISORY","url":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-cross-site-scripting-vulnerability-black-duck-hub/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blackducksoftware/hub","events":[{"introduced":"0"},{"fixed":"ca96c0fb9d8946ab26929e83edf029dd5df6d536"}],"database_specific":{"cpe":"cpe:2.3:a:synopsys:black_duck_hub:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"2022.4.0"}]}}],"versions":["v2022.2.1","v2022.2.0","v2021.10.5","v2021.10.4","v2021.10.3","v2021.10.2","v2021.10.1","v2021.10.0","v2021.8.4","v2021.8.3","v2021.8.2","v2021.8.1","v2021.8.0","v2021.6.2","v2021.6.1","v2021.6.0","v2021.4.2","v2021.4.1","v2021.4.0","v2021.2.1","v2021.2.0","v2020.12.0","v2020.10.1","v2020.10.0","v2020.8.1","v2020.6.2","v2020.6.1","v2020.6.0","v2020.4.2","v2020.4.1","v2020.4.0","v2020.2.1","v2020.2.0","v2019.12.1","v2019.10.3","v2019.10.2","v2019.12.0","v2019.10.1","v2019.10.0","v2019.8.1","v2019.8.0","v2019.6.2","v2019.6.1","v2019.6.0","v2019.4.3","v2019.4.2","v2019.4.1","v2019.4.0","v2019.2.2","v2019.2.1","v2019.2.0","v2018.12.4","v2018.12.3","v2018.12.2","v2018.12.1","v2018.12.0","v2018.11.1","v2018.11.0","v5.0.2","v5.0.1","v5.0.0","v4.8.3","v4.8.2","v4.8.1","v4.8.0","v4.7.3","v4.7.2","v4.7.1","v4.7.0","v4.6.2","v4.6.1","v4.6.0","v4.5.1","v4.5.0","v4.4.3","v4.4.2","v4.4.1","v4.4.0","v4.3.1","v4.3.0","v4.2.1","v4.2.0","v4.1.4","v4.1.3","4.1.3","v4.1.2","v4.1.1","v4.1.0","v4.0.0","v3.7.1","v3.7.0","v3.6.2","v3.6.1","v3.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30278.json"}}],"schema_version":"1.7.5"}