CVE-2022-41905: the WSGI-based WebDAV server is vulnerable to cross-site scripting (XSS). The issue is fixed in version 4.1.0; upgrade to 4.1.0 or later.
Workarounds
If you cannot upgrade yet, the following configuration guidance applies. When using the `WebDAV backend for file storage (S3 or Rackspace) or email storage`, do not enable Cookies or Access Control. When using the `File storage backend`, set `file_storage.file_type = "STANDARD"` to avoid XSS attacks. When using the `Email storage backend`, do not enable cookies or access control.
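The advisory does not say where in the server the XSS sits. As an added illustration, not code from the advisory or from the affected project, the block below assumes the common WebDAV case: a resource name supplied by a client is rendered into an HTML directory listing. It shows the vulnerable concatenation pattern beside the hardened form, which percent-encodes the name for the `href` and HTML-escapes it for both the attribute and the text node. The payload and function names are constructed for this example.

```python
import html
from urllib.parse import quote

# Constructed sample: a resource name carrying an XSS payload. On a WebDAV
# server any client with write access (MKCOL/PUT) can choose such a name.
MALICIOUS_NAME = '<img src=x onerror="alert(1)">.txt'


def render_listing_unsafe(names):
    """Vulnerable pattern: resource names concatenated straight into HTML."""
    rows = "".join(f'<li><a href="{n}">{n}</a></li>' for n in names)
    return f"<ul>{rows}</ul>"


def render_listing_safe(names):
    """Hardened pattern: encode for the URL context, then escape for HTML.

    quote() keeps the href a valid relative URL; html.escape() with
    quote=True neutralises " and ' inside the attribute, and the plain
    html.escape() handles the text node between the tags.
    """
    rows = "".join(
        f'<li><a href="{html.escape(quote(n), quote=True)}">'
        f"{html.escape(n)}</a></li>"
        for n in names
    )
    return f"<ul>{rows}</ul>"


def contains_raw_markup(page, payload=MALICIOUS_NAME):
    """True if the payload reached the page verbatim, i.e. it would execute."""
    return payload in page


if __name__ == "__main__":
    print("unsafe:", render_listing_unsafe([MALICIOUS_NAME]))
    print("safe:  ", render_listing_safe([MALICIOUS_NAME]))
```

`contains_raw_markup` is the check to run against a listing produced by a patched server: any resource name containing `<`, `>` or `"` must come back escaped, never verbatim.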
Credit: The initial analysis of this vulnerability was done by https://www.linkedin.com/in/lakshmivi and is covered in the original blog post.
Timeline
Published on: 11/11/2022 21:15:00 UTC
Last modified on: 11/16/2022 18:10:00 UTC