Moderate severity · NVD Advisory · Published Dec 21, 2022 · Updated Apr 14, 2025
collective.contact.widget widgets.py title cross site scripting
CVE-2022-4638
Description
A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| collective.contact.widget (PyPI) | < 1.13 | 1.13 |
Affected products
- unspecified/collective.contact.widget (v5), Range: 1.0
References
- github.com/advisories/GHSA-5pqf-rvm7-3wgw (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-4638 (GHSA, advisory)
- github.com/collective/collective.contact.widget/commit/5da36305ca7ed433782be8901c47387406fcda12 (GHSA, web)
- github.com/pypa/advisory-database/tree/main/vulns/collective-contact-widget/PYSEC-2022-42988.yaml (GHSA, web)
- vuldb.com (GHSA, web)