exploitDog

CVE-2022-32172

Опубликовано: 06 окт. 2022

Источник: nvd

EPSS Низкий

Описание

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials.

Ссылки

https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d
Patch
Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-32172
Third Party Advisory
https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d
Patch
Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-32172
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zinclabs:zinc:*:*:*:*:*:*:*:*

Версия от 0.1.9 (включая) до 0.3.1 (включая)

EPSS

Процентиль: 63%

0.00442

Низкий

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-7j6x-42mm-p7jm

CVSS3: 5.4

github

больше 2 лет назад

Zinc Cross-site Scripting vulnerability

EPSS

Процентиль: 63%

0.00442

Низкий

Дефекты

CWE-79

CWE-79