automad do 1.10.9 Dashboard title cross site scripting

Podatność, która została odkryta w automad do 1.10.9. Podatnością dotknięta jest nieznana funkcja w komponencie Dashboard. Dzięki manipulowaniu argumentem title wartością wejściową Home</title><script>alert("home")</script><title> przy użyciu nieznanych danych wejściowych można doprowadzić do wystąpienia podatności cross site scripting. Raport na temat podatności został udostępniony pod adresem github.com. Podatność ta jest znana jako CVE-2022-1536. Możliwe jest zdalne zainicjowanie ataku. Techniczne szczegóły są znane. Uważa się go za proof-of-concept. Exploit można ściągnąć pod adresem github.com. Potencjalne zabezpieczenie zostało opublikowane jeszcze przed po ujawnieniu podatności.

Pole2022-04-29 14:122022-05-04 09:252022-05-04 09:29
nameautomadautomadautomad
version<=1.10.9<=1.10.9<=1.10.9
componentDashboardDashboardDashboard
argumenttitletitletitle
cwe79 (cross site scripting)79 (cross site scripting)79 (cross site scripting)
risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
urlhttps://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).mdhttps://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).mdhttps://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md
availability111
publicity111
urlhttps://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).mdhttps://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).mdhttps://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md
cveCVE-2022-1536CVE-2022-1536CVE-2022-1536
responsibleVulDBVulDBVulDB
date1651183200 (2022-04-29)1651183200 (2022-04-29)1651183200 (2022-04-29)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore3.43.43.4
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.23.23.2
cvss3_meta_basescore3.53.53.5
cvss3_meta_tempscore3.23.23.3
price_0day$0-$5k$0-$5k$0-$5k
input_valueHome</title><script>alert("home")</script><title>Home</title><script>alert("home")</script><title>Home</title><script>alert("home")</script><title>
cve_assigned1651183200 (2022-04-29)1651183200 (2022-04-29)
cve_nvd_summaryA vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Homealert("home") leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used.A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Homealert("home") leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used.
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aN
cve_cnaVulDB
cvss3_cna_basescore3.5

PoprzedniPrzeglądKolejny

Do you want to use VulDB in your project?

Use the official API to access entries easily!