{"id":"PYSEC-2022-42988","details":"A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the title function in the file src/collective/contact/widget/widgets.py. The manipulation leads to cross-site scripting (XSS). The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496.","aliases":["CVE-2022-4638","GHSA-5pqf-rvm7-3wgw"],"modified":"2023-11-08T04:10:56.495503Z","published":"2022-12-21T22:15:00Z","references":[{"type":"WEB","url":"https://vuldb.com/?id.216496"},{"type":"FIX","url":"https://github.com/collective/collective.contact.widget/commit/5da36305ca7ed433782be8901c47387406fcda12"}],"affected":[{"package":{"name":"collective-contact-widget","ecosystem":"PyPI","purl":"pkg:pypi/collective-contact-widget"},"ranges":[{"type":"GIT","repo":"https://github.com/collective/collective.contact.widget","events":[{"introduced":"0"},{"fixed":"5da36305ca7ed433782be8901c47387406fcda12"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12"}]}],"versions":["0.10","0.11","0.12","1.0","1.0rc1","1.1","1.10","1.11","1.2","1.2.1","1.2.2","1.3","1.4","1.5","1.6","1.7","1.8","1.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/collective-contact-widget/PYSEC-2022-42988.yaml"}}],"schema_version":"1.7.3"}