{"id":"PYSEC-2026-910","summary":"pyRdfa3 Cross-site Scripting vulnerability","details":"A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function `_get_option` of the file `pyRdfa/__init__.py`. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability.","aliases":["CVE-2022-4396","GHSA-894q-wpg5-mf2h"],"modified":"2026-07-07T11:45:49.911217899Z","published":"2026-07-07T10:17:25.449599Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4396"},{"type":"WEB","url":"https://github.com/RDFLib/pyrdfa3/issues/38"},{"type":"WEB","url":"https://github.com/RDFLib/pyrdfa3/pull/40"},{"type":"WEB","url":"https://github.com/RDFLib/pyrdfa3/commit/ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e"},{"type":"PACKAGE","url":"https://github.com/RDFLib/pyrdfa3"},{"type":"WEB","url":"https://vuldb.com/?id.215249"},{"type":"PACKAGE","url":"https://pypi.org/project/pyrdfa3"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-894q-wpg5-mf2h"}],"affected":[{"package":{"name":"pyrdfa3","ecosystem":"PyPI","purl":"pkg:pypi/pyrdfa3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.2"}]}],"versions":["3.5.0","3.5.1","3.5.2","3.5.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pyrdfa3/PYSEC-2026-910.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}