Lucene search
HistoryOct 06, 2022 - 6:16 p.m.
CVE-2022-32171
zinc
cross-site scripting
user credentials}
.
EPSS
0
Percentile
12.6%
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the userβs credentials.
Affected configurations
Node
zinclabszincRange0.1.9β0.3.1
Related
github
github
Zinc Cross-site Scripting vulnerability
2023-07-06 19:24:00
cve
cve
CVE-2022-32171
2022-10-06 18:16:02
cnvd
cnvd
Zinc delete user function cross-site scripting vulnerability
2022-10-10 00:00:00
prion
prion
Cross site scripting
2022-10-06 18:16:00
cvelist
cvelist
CVE-2022-32171 Zinc - Stored XSS
2022-10-06 17:14:15
veracode
veracode
Cross-site Scripting (XSS)
2022-10-07 01:50:34
osv
osv
CVE-2022-32171
2022-10-06 18:16:02
Zinc Cross-site Scripting vulnerability in github.com/zinclabs/zinc
2024-08-20 20:31:35
Zinc Cross-site Scripting vulnerability
2023-07-06 19:24:00