CVE Alert

CVE-2022-32172

UNKNOWN 0.0

Zinc - Cross-Site Scripting

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with an XSS payload in the name field, the JavaScript payload will be executed and allow an attacker to access the user's credentials.

CWE CWE-79
Vendor zinc
Product zinc
Published Oct 6, 2022
Last Updated Sep 16, 2024

Affected Versions

zinc / zinc
v0.1.9 < unspecified unspecified ≤ v0.3.1

References

NVD, CVE.org, EPSS Data
mend.io: https://www.mend.io/vulnerability-database/CVE-2022-32172
github.com: https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d

Credits

Mend Vulnerability Research Team (MVR)