Vulnerability Description
The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smoothiecharts | Smoothie Charts | >= 1.31.0, < 1.36.1 |
Related Weaknesses (CWE)
References
- https://github.com/joewalnes/smoothie/commit/8e0920d50da82f4b6e605d56f41b69fbb96PatchThird Party Advisory
- https://github.com/joewalnes/smoothie/pull/147PatchThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-3177369ExploitThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-3177368Exploit
- https://security.snyk.io/vuln/SNYK-JS-SMOOTHIE-3177364ExploitThird Party Advisory
- https://github.com/joewalnes/smoothie/commit/8e0920d50da82f4b6e605d56f41b69fbb96PatchThird Party Advisory
- https://github.com/joewalnes/smoothie/pull/147PatchThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-3177369ExploitThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-3177368Exploit
- https://security.snyk.io/vuln/SNYK-JS-SMOOTHIE-3177364ExploitThird Party Advisory
FAQ
What is CVE-2022-25929?
CVE-2022-25929 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vuln...
How severe is CVE-2022-25929?
CVE-2022-25929 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25929?
Check the references section above for vendor advisories and patch information. Affected products include: Smoothiecharts Smoothie Charts.