Lucene search
GitHub_PCVELIST:CVE-2022-23733HistoryAug 02, 2022 - 4:05 p.m.
CVE-2022-23733 Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes
2022-08-0216:05:14
CWE-79
GitHub_P
www.cve.org
0.001 Low
EPSS
Percentile
30.0%
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Githubβs Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
CNA Affected
[
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.11",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-23733
2022-08-02 16:15:10
prion
prion
Cross site scripting
2022-08-02 16:15:00
nvd
nvd
CVE-2022-23733
2022-08-02 16:15:10