CVE-2022-23637
- Source
- https://cve.org/CVERecord?id=CVE-2022-23637
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23637.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-23637
- Aliases
-
- GHSA-wwcw-h4mf-mvxf
- Published
- 2022-02-14T20:45:11Z
- Modified
- 2026-04-10T04:45:21.805611Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Stored Cross-Site-Scripting (XSS) in Markdown Editor
- Details
-
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23637.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Git / github.com/k-box/k-box
Affected ranges
- Type
- GIT
- Repo
- https://github.com/k-box/k-box
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed