Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-35133

Опубликовано: 17 авг. 2022
Источник: debian
EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
cherrytreenot-affectedpackage

Примечания

  • https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing

  • https://bugzilla.suse.com/show_bug.cgi?id=1202513

  • https://github.com/giuspen/cherrytree/issues/2099

EPSS

Процентиль: 49%
0.00256
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-35133

CVSS3: 6.1
ubuntu
больше 3 лет назад

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.

nvd логотип

CVE-2022-35133

CVSS3: 6.1
nvd
больше 3 лет назад

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.

suse-cvrf логотип

openSUSE-SU-2022:10230-1

suse-cvrf
около 3 лет назад

Security update for cherrytree

github логотип

GHSA-x2hc-mh8w-2vp2

CVSS3: 6.1
github
больше 3 лет назад

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.

EPSS

Процентиль: 49%
0.00256
Низкий