MGASA-2024-0074

Source
https://advisories.mageia.org/MGASA-2024-0074.html
Import Source
https://advisories.mageia.org/MGASA-2024-0074.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2024-0074
Related
Published
2024-03-20T03:35:18Z
Modified
2024-03-20T03:09:37Z
Summary
Updated cherrytree packages fix security vulnerability
Details

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. (CVE-2022-35133)

References
Credits

Affected packages

Mageia:9 / cherrytree

Package

Name
cherrytree
Purl
pkg:rpm/mageia/cherrytree?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.4-1.mga9

Ecosystem specific

{
    "section": "core"
}