CVE-2022-21650

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21650
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21650.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-21650
Related
  • GHSA-mm2v-4v7g-m695
Published
2022-01-04T21:15:07Z
Modified
2025-01-15T02:14:05.345093Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Convos is an open source multi-user chat that runs in a web browser. The .svg extension cannot be used in Convos' chat window, but a file with an .html extension can be uploaded. By uploading an SVG file with an .html extension, the upload filter can be bypassed, which results in stored XSS. The XSS is triggered when a user views the uploaded file. Through this vulnerability, an attacker is able to execute malicious scripts. Users are advised to update as soon as possible.

References

Affected packages

Git / github.com/convos-chat/convos

Affected ranges

Type
GIT
Repo
https://github.com/convos-chat/convos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.99.35
v0.99_21
v0.99_22
v0.99_23
v0.99_25
v0.99_26
v0.99_27
v0.99_28
v0.99_29
v0.99_30
v0.99_31
v0.99_32
v0.99_33
v0.99_34
v0.99_36
v0.99_37
v0.99_38
v0.99_39
v0.99_40

v1.*

v1.00
v1.01
v1.02

v2.*

v2.00

v3.*

v3.00
v3.01
v3.02
v3.03
v3.04
v3.05
v3.06
v3.08
v3.09
v3.10
v3.11
v3.12

v4.*

v4.00
v4.01
v4.02
v4.03
v4.04
v4.05
v4.06
v4.07
v4.08
v4.09
v4.10
v4.11
v4.12
v4.13
v4.14
v4.15
v4.16
v4.18
v4.19
v4.21
v4.22
v4.23
v4.24
v4.25
v4.26
v4.27
v4.28
v4.29
v4.30
v4.31
v4.32
v4.34
v4.35
v4.36
v4.37
v4.38
v4.39
v4.40
v4.41
v4.42

v5.*

v5.00
v5.01
v5.02
v5.03
v5.04
v5.05
v5.06
v5.07
v5.08
v5.09
v5.10
v5.11
v5.12
v5.13
v5.14
v5.15
v5.16
v5.17
v5.18
v5.19
v5.21
v5.22
v5.23
v5.24
v5.25
v5.26
v5.27
v5.28
v5.29
v5.30
v5.31
v5.32

v6.*

v6.00
v6.01
v6.02
v6.03
v6.04
v6.06
v6.07
v6.08
v6.09
v6.10
v6.11
v6.12
v6.13
v6.14
v6.15
v6.16
v6.17
v6.18
v6.19
v6.20
v6.21
v6.22
v6.23
v6.24
v6.25
v6.26
v6.27
v6.28
v6.29
v6.30
v6.31
v6.32
v6.33
v6.35
v6.36
v6.37
v6.38
v6.40
v6.41
v6.42
v6.43
v6.44
v6.45
v6.46
v6.47