MidnightBSD

Advisories for phoronix-media

CVE-2022-0157 LOW

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
fedoraproject fedora 35
phoronix-media phoronix_test_suite *
fedoraproject fedora 34

CVE-2022-0196 MEDIUM

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
fedoraproject fedora 35
phoronix-media phoronix_test_suite *
fedoraproject fedora 34

CVE-2022-0197 MEDIUM

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
fedoraproject fedora 35
phoronix-media phoronix_test_suite *
fedoraproject fedora 34

CVE-2022-0238 MEDIUM

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
fedoraproject fedora 35
phoronix-media phoronix_test_suite *
fedoraproject fedora 34

CVE-2022-0571 MEDIUM

Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 35
fedoraproject extra_packages_for_enterprise_linux 9.0
phoronix-media phoronix_test_suite *
fedoraproject extra_packages_for_enterprise_linux 8.0
fedoraproject fedora 34
fedoraproject extra_packages_for_enterprise_linux 7.0

CVE-2022-40704

An XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite.

Products Affected

Vendor Product Version
phoronix-media phoronix_test_suite *