Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-38790
HistorySep 01, 2022 - 12:55 p.m.

CVE-2022-38790

2022-09-0112:55:42
mitre
www.cve.org
2
weave gitops enterprise
cross-site scripting
javascript injection
gitopscluster dashboard

EPSS

0.001

Percentile

32.1%

JSON

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim’s permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.

Related

cve 1
nvd 1
osv 1
prion 1
cve
cve
CVE-2022-38790
2022-09-01 13:15:09
nvd
nvd
CVE-2022-38790
2022-09-01 13:15:09
osv
osv
CVE-2022-38790
2022-09-01 13:15:09
prion
prion
Cross site scripting
2022-09-01 13:15:00

EPSS

0.001

Percentile

32.1%

JSON
Related for CVELIST:CVE-2022-38790
cve1nvd1osv1prion1