Lucene search
SnykCVELIST:CVE-2022-25929HistoryDec 21, 2022 - 11:14 p.m.
CVE-2022-25929 Cross-site Scripting (XSS)
2022-12-2123:14:33
snyk
www.cve.org
1
cve-2022-25929
cross-site scripting
xss
smoothie package
user input sanitization
strokestyle
tooltiplabel properties
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
EPSS
0.001
Percentile
49.6%
The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.
CNA Affected
[
{
"vendor": "n/a",
"product": "smoothie",
"versions": [
{
"version": "1.31.0",
"status": "affected",
"lessThan": "unspecified",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "1.36.1",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2022-25929
2022-12-21 05:15:11
github
github
prion
prion
Cross site scripting
2022-12-21 05:15:00
nvd
nvd
CVE-2022-25929
2022-12-21 05:15:11
veracode
veracode
Cross-Site Scripting (XSS)
2022-12-22 06:58:17
cve
cve
CVE-2022-25929
2022-12-21 23:14:33
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
EPSS
0.001
Percentile
49.6%
Related for CVELIST:CVE-2022-25929