Moderate severity · NVD Advisory · Published Feb 25, 2022 · Updated Apr 23, 2025
Cross-site Scripting in Weblate
CVE-2022-24710
Description
Weblate is a copyleft, web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in the user name and language fields. Because of this improper neutralization, it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralization (output-escaping) logic for these fields.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Weblate (PyPI) | < 4.11 | 4.11 |
Affected products
OSV coordinates (no CPE), 3 version ranges:
- range: < 4.11.0
- range: < 4.11
- range: < 4.11-1.1
- Range: < 4.11
References (7)
- https://github.com/advisories/GHSA-6jp6-9rf9-gc66 (advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2022-24710 (advisory)
- https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389 (fix commit)
- https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1 (fix commit)
- https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda (fix commit)
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66 (vendor advisory, confirmed)
- https://github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2022-35.yaml (PyPA advisory database)