Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4u76-xepf-xkdg
Vulnerability ID VCID-4u76-xepf-xkdg
Aliases BIT-weblate-2022-24710
CVE-2022-24710
GHSA-6jp6-9rf9-gc66
PYSEC-2022-35
Summary Cross-site Scripting in Weblate
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2022-24710
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2022-24710
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2022-24710
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6jp6-9rf9-gc66
cvssv3.1 5.4 https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2022-35.yaml
cvssv4 5.1 https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2022-35.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2022-35.yaml
cvssv3.1 5.4 https://github.com/WeblateOrg/weblate
cvssv4 5.1 https://github.com/WeblateOrg/weblate
generic_textual MODERATE https://github.com/WeblateOrg/weblate
cvssv3.1 5.4 https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389
cvssv4 5.1 https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389
generic_textual MODERATE https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389
cvssv3.1 5.4 https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1
cvssv4 5.1 https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1
generic_textual MODERATE https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1
cvssv3.1 5.4 https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda
cvssv4 5.1 https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda
generic_textual MODERATE https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda
cvssv3.1 5.4 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66
cvssv3.1_qr MODERATE https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66
cvssv4 5.1 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66
generic_textual MODERATE https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24710
cvssv4 5.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24710
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-24710
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-24710
https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2022-35.yaml
https://github.com/WeblateOrg/weblate
https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389
https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1
https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda
CVE-2022-24710 https://nvd.nist.gov/vuln/detail/CVE-2022-24710
GHSA-6jp6-9rf9-gc66 https://github.com/advisories/GHSA-6jp6-9rf9-gc66
GHSA-6jp6-9rf9-gc66 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2022-35.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2022-35.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/WeblateOrg/weblate
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24710
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24710
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.54636
EPSS Score 0.00311
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:28:21.197643+00:00 GHSA Importer Import https://github.com/advisories/GHSA-6jp6-9rf9-gc66 38.6.0