CVE-2022-35133

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-35133

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35133.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-35133

Related

Published

2022-08-17T21:15:09Z

Modified

2025-01-14T09:16:04.750117Z

Downstream

openSUSE-SU-2022:10230-1

openSUSE-SU-2024:12330-1

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.

References

https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing

Affected packages

Git / github.com/giuspen/cherrytree

Affected ranges

Type: GIT
Repo: https://github.com/giuspen/cherrytree
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4ecd0e6fe2fc2e49387b9b5f7b8d06695e6056fe

Affected versions

0.*

0.23

0.23.1

0.24

0.25

0.25.1

0.25.2

0.25.3

0.25.4

0.26

0.26.1

0.26.2

0.26.3

0.27

0.27.1

0.28

0.28.1

0.28.2

0.28.3

0.28.4

0.28.5

0.29

0.29.1

0.29.2

0.29.3

0.29.4

0.30.0

0.30.1

0.30.2

0.30.3

0.30.4

0.30.5

0.31.0

0.31.1

0.31.2

0.31.3

0.31.4

0.31.5

0.32.0

0.33.0

0.33.1

0.33.2

0.33.3

0.33.4

0.34.0

0.34.1

0.35.0

0.35.1

0.35.10

0.35.11

0.35.2

0.35.3

0.35.4

0.35.5

0.35.6

0.35.7

0.35.8

0.35.9

0.36.0

0.36.1

0.36.2

0.36.3

0.36.4

0.36.5

0.36.6

0.36.7

0.36.8

0.37.0

0.37.1

0.37.2

0.38.0

0.38.1

0.38.10

0.38.11

0.38.2

0.38.3

0.38.4

0.38.5

0.38.6

0.38.7

0.38.8

0.38.9

0.39.0

0.39.1

0.39.2

0.39.3

0.39.4

0.99.13

0.99.14

0.99.15

0.99.16

0.99.17

0.99.18

0.99.19

0.99.20

0.99.21

0.99.22

0.99.23

0.99.24

0.99.25

0.99.26

0.99.27

0.99.28

0.99.29

0.99.30