πŸ” CVE Alert

CVE-2022-32171

UNKNOWN 0.0

Zinc - Stored XSS

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user that has an XSS payload in the user id field, the JavaScript payload is executed, allowing an attacker to access the user's credentials.

CWE CWE-79
Vendor zinc
Product zinc
Published Oct 6, 2022
Last Updated Sep 17, 2024
Affected Versions

zinc / zinc
v0.1.9 < unspecified unspecified ≤ v0.3.1

References

github.com: https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d
mend.io: https://www.mend.io/vulnerability-database/CVE-2022-32171

Credits

Mend Vulnerability Research Team (MVR)