x/vulndb: potential Go vuln in github.com/librespeed/speedtest: CVE-2022-4957

[GoVulnBot]

CVE-2022-4957 references github.com/librespeed/speedtest, which may be a Go module.

Description:
A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue. The patch is named a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-246643.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-4957
• JSON: https://github.com/CVEProject/cvelist/tree/b6546379f05541304de0c124140ceb54bb4f7832/2022/4xxx/CVE-2022-4957.json
• web: https://vuldb.com/?id.246643
• web: https://vuldb.com/?ctiid.246643
• fix: librespeed/speedtest@a85f2c0
• web: https://github.com/librespeed/speedtest/releases/tag/5.2.5
• Imported by: https://pkg.go.dev/github.com/librespeed/speedtest?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/librespeed/speedtest
      vulnerable_at: 0.0.0-20231202113115-022c2a976f6d
      packages:
        - package: speedtest
cves:
    - CVE-2022-4957
references:
    - web: https://vuldb.com/?id.246643
    - web: https://vuldb.com/?ctiid.246643
    - fix: https://github.com/librespeed/speedtest/commit/a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9
    - web: https://github.com/librespeed/speedtest/releases/tag/5.2.5

[gopherbot]

Change https://go.dev/cl/547979 mentions this issue: data/excluded: batch add 11 excluded reports