Lucene search
SnykCVELIST:CVE-2022-25849HistoryOct 26, 2022 - 5:05 a.m.
CVE-2022-25849 Cross-site Scripting (XSS)
2022-10-2605:05:09
snyk
www.cve.org
1
cve-2022-25849
cross-site scripting
xss
vulnerable package
parse markdown
href attribute
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
34.0%
The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well.
CNA Affected
[
{
"vendor": "n/a",
"product": "joyqi/hyper-down",
"versions": [
{
"version": "0.0.0",
"status": "affected",
"lessThan": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site scripting
2022-10-26 05:15:00
veracode
veracode
Cross-site Scripting (XSS)
2022-10-28 01:10:19
cve
cve
CVE-2022-25849
2022-10-26 05:15:08
osv
osv
HyperDown vulnerable to Cross-site Scripting
2022-10-26 12:00:29
nvd
nvd
CVE-2022-25849
2022-10-26 05:15:08
github
github
HyperDown vulnerable to Cross-site Scripting
2022-10-26 12:00:29
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
34.0%
Related for CVELIST:CVE-2022-25849