CVE-2022-32172
Published Oct 6, 2022
Last updated a year ago
Overview
- Description
- In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials.
- Source
- vulnerabilitylab@mend.io
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zinclabs:zinc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A981E9CE-9302-4521-8705-DA42A2ADBF2F",
"versionEndIncluding": "0.3.1",
"versionStartIncluding": "0.1.9"
}
],
"operator": "OR"
}
]
}
]