
CVE-2022-32171


Vulnerability Description

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having an XSS payload in the user id field, the JavaScript payload will be executed and allow an attacker to access the user’s credentials.

Affected Products

Vendor | Product | Versions
Zinclabs | Zinc | >= 0.1.9, <= 0.3.1

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-32171?

CVE-2022-32171 is a documented vulnerability. In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having an XSS payload in the user id field, the JavaScript payload will be executed and allow an attacker to access the user’s credentials.

How severe is CVE-2022-32171?

CVSS scoring is not yet available for CVE-2022-32171. Check NVD for updates.

Is there a patch for CVE-2022-32171?

Check the references section above for vendor advisories and patch information. Affected products include: Zinclabs Zinc.