Moderate severity · NVD Advisory · Published Feb 9, 2022 · Updated Aug 2, 2024
Cross-site Scripting (XSS) - Stored in ptrofimov/beanstalk_console
CVE-2022-0539
Description
Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ptrofimov/beanstalk_console (Packagist) | < 1.7.14 | 1.7.14 |
Affected products
- Range: unspecified
Patches
5aea5f912f6e: applying htmlspecialchars for sanitization output
2 files changed · +5 −5
lib/tpl/main.php+2 −2 modified@@ -65,7 +65,7 @@ <ul class="dropdown-menu"> <li><a href="./?">All servers</a></li> <?php foreach (array_diff($servers, array($server)) as $key => $serverItem): ?> - <li><a href="./?server=<?php echo $serverItem ?>"><?php echo empty($key) || is_numeric($key) ? $serverItem : $key ?></a></li> + <li><a href="./?server=<?php echo htmlspecialchars($serverItem) ?>"><?php echo empty($key) || is_numeric($key) ? htmlspecialchars($serverItem) : $key ?></a></li> <?php endforeach ?> </ul> </li> @@ -77,7 +77,7 @@ </a> <ul class="dropdown-menu"> <?php foreach ($servers as $key => $serverItem): ?> - <li><a href="./?server=<?php echo $serverItem ?>"><?php echo empty($key) || is_numeric($key) ? $serverItem : $key ?></a></li> + <li><a href="./?server=<?php echo htmlspecialchars($serverItem) ?>"><?php echo empty($key) || is_numeric($key) ? htmlspecialchars($serverItem) : $key ?></a></li> <?php endforeach ?> </ul> </li>
lib/tpl/serversList.php+3 −3 modified@@ -44,9 +44,9 @@ ?> <tr> <?php if (empty($stats)): ?> - <td style="white-space: nowrap;"><?php echo $label ?></td> + <td style="white-space: nowrap;"><?php echo htmlspecialchars($label) ?></td> <?php else: ?> - <td style="white-space: nowrap;"><a href="./?server=<?php echo $server ?>"><?php echo $label; ?></a></td> + <td style="white-space: nowrap;"><a href="./?server=<?php echo htmlspecialchars($server) ?>"><?php echo htmlspecialchars($label); ?></a></td> <?php endif ?> <?php foreach ($stats as $key => $item): ?> <?php @@ -69,7 +69,7 @@ <td colspan="<?php echo count($visible) ?>" class="row-full"> </td> <?php endif ?> <td><?php if (array_intersect(array($server), $cookieServers)): ?> - <a class="btn btn-xs btn-danger" title="Remove from list" href="./?action=serversRemove&removeServer=<?php echo $server ?>"><span + <a class="btn btn-xs btn-danger" title="Remove from list" href="./?action=serversRemove&removeServer=<?php echo htmlspecialchars($server) ?>"><span class="glyphicon glyphicon-minus"></span></a> <?php endif; ?> </td>
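Review bot: In both hunks of lib/tpl/main.php the link text still echoes `$key` unescaped when the key is a non-empty, non-numeric label: `empty($key) || is_numeric($key) ? htmlspecialchars($serverItem) : $key`. If keys in `$servers` can carry user-supplied labels, that branch is still a raw output sink; wrap it as `htmlspecialchars($key)` so both arms of the ternary are encoded.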
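Review bot: The `href` values in lib/tpl/serversList.php (`./?server=...` and `./?action=serversRemove&removeServer=...`) place `$server` in a URL query parameter, where `htmlspecialchars` alone still lets characters such as `&` and `#` in the value alter the query string once the browser decodes the attribute. Suggest `htmlspecialchars(urlencode($server), ENT_QUOTES, 'UTF-8')` in those two places; passing the flags and charset explicitly also keeps single-quote escaping consistent on PHP versions before 8.1, where the default flag is `ENT_COMPAT`.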
References
- github.com/advisories/GHSA-2cjf-w7c4-fhf6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-0539 (ghsa, ADVISORY)
- github.com/ptrofimov/beanstalk_console/commit/5aea5f912f6e6d19dedb1fdfc25a29a2e1fc1694 (ghsa, x_refsource_MISC, WEB)
- huntr.dev/bounties/5f41b182-dda2-4c6f-9668-2a9afaed53af (ghsa, x_refsource_CONFIRM, WEB)