Lucene search
SnykCVE-2022-25849HistoryOct 26, 2022 - 5:15 a.m.
CVE-2022-25849
2022-10-2605:15:08
CWE-79
snyk
web.nvd.nist.gov
48
4
cve-2022-25849
cross-site scripting
xss
joyqi/hyper-down
parse markdown
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
34.0%
The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well.
Affected configurations
Node
hyperdown_projecthyperdownnode.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hyperdown_project | hyperdown | * | cpe:2.3:a:hyperdown_project:hyperdown:*:*:*:*:*:node.js:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "joyqi/hyper-down",
"versions": [
{
"version": "0.0.0",
"status": "affected",
"lessThan": "unspecified",
"versionType": "custom"
}
]
}
]Social References
More
Related
prion
prion
Cross site scripting
2022-10-26 05:15:00
veracode
veracode
Cross-site Scripting (XSS)
2022-10-28 01:10:19
osv
osv
HyperDown vulnerable to Cross-site Scripting
2022-10-26 12:00:29
cvelist
cvelist
CVE-2022-25849 Cross-site Scripting (XSS)
2022-10-26 05:05:09
nvd
nvd
CVE-2022-25849
2022-10-26 05:15:08
github
github
HyperDown vulnerable to Cross-site Scripting
2022-10-26 12:00:29
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
34.0%
Related for CVE-2022-25849