CVE-2022-46181

🗓️ 29 Dec 2022 19:08:15Reported by GitHub_MType

Gotify server XSS vulnerability in versions prior to 2.2.2 allows account takeover

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Veracode	Cross-site Scripting (XSS)	30 Dec 202206:32	–	veracode
Github Security Blog	gotify/server vulnerable to Cross-site Scripting in the application image file upload	30 Dec 202200:58	–	github
OSV	GO-2022-1208 gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server	21 Aug 202416:03	–	osv
OSV	CVE-2022-46181	29 Dec 202219:15	–	osv
OSV	GHSA-XV6X-456V-24XH gotify/server vulnerable to Cross-site Scripting in the application image file upload	30 Dec 202200:58	–	osv
Prion	Spoofing	29 Dec 202219:15	–	prion
Vulnrichment	CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload	29 Dec 202218:36	–	vulnrichment
NVD	CVE-2022-46181	29 Dec 202219:15	–	nvd
Cvelist	CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload	29 Dec 202218:36	–	cvelist

Nvd

Vulners

Node

gotify serverRange<2.2.2

[
  {
    "vendor": "gotify",
    "product": "server",
    "versions": [
      {
        "version": "< 2.2.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/gotify/server/pull/535
github	www.github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh
github	www.github.com/gotify/server/pull/534

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Dec 2022 19:15Current

5.7Medium risk

Vulners AI Score5.7

CVSS35.4 - 6.1

EPSS0.00201

SSVC

CWE-79