CVE-2022-32172

Q: How severe is CVE-2022-32172?

CVSS scoring is not yet available for CVE-2022-32172. Check NVD for updates.

Q: Is there a patch for CVE-2022-32172?

Check the references section above for vendor advisories and patch information. Affected products include: Zinclabs Zinc.

Vulnerability Description

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials.

Affected Products

Vendor	Product	Versions
Zinclabs	Zinc	>= 0.1.9, <= 0.3.1

Related Weaknesses (CWE)

CWE-79

References

https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322dPatchThird Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-32172Third Party Advisory
https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322dPatchThird Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-32172Third Party Advisory

FAQ

What is CVE-2022-32172?

CVE-2022-32172 is a documented vulnerability. In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in ...

How severe is CVE-2022-32172?

CVSS scoring is not yet available for CVE-2022-32172. Check NVD for updates.

Is there a patch for CVE-2022-32172?

Check the references section above for vendor advisories and patch information. Affected products include: Zinclabs Zinc.