What is GHSA-fxmx-pfm2-85m2?

GHSA-fxmx-pfm2-85m2 is a security advisory published by GitHub Security Advisories with Medium severity. Cross-site Scripting in Ericsson CodeChecker

Which CVE IDs does GHSA-fxmx-pfm2-85m2 cover?

GHSA-fxmx-pfm2-85m2 covers the following CVE IDs: CVE-2021-44217. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

Which products are affected by GHSA-fxmx-pfm2-85m2?

GHSA-fxmx-pfm2-85m2 affects 1 product, including: pip/codechecker:\u003c 6.18.2.

GHSA-fxmx-pfm2-85m2Medium

Cross-site Scripting in Ericsson CodeChecker

Vendor

GitHub Security Advisories

Published

January 21, 2022

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2021-44217 →

📋 Description

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.

🎯 Affected products1

pip/codechecker:< 6.18.2

🔗 References (10)

https://nvd.nist.gov/vuln/detail/CVE-2021-44217
https://github.com/Ericsson/codechecker/pull/3549
https://github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md
https://user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-ad0c-80aeed6f7ec9.png
https://github.com/Ericsson/codechecker/commit/72ee51158e6d81150320223b85410c179b9ee2b1
https://github.com/Ericsson/codechecker/releases/tag/v6.18.2
https://codechecker-demo.eastus.cloudapp.azure.com
https://github.com/Ericsson/codechecker/releases
https://github.com/pypa/advisory-database/tree/main/vulns/codechecker-api/PYSEC-2022-43181.yaml
https://github.com/advisories/GHSA-fxmx-pfm2-85m2