Lucene search
GoogleOSV:CVE-2022-25929HistoryDec 21, 2022 - 5:15 a.m.
CVE-2022-25929
2022-12-2105:15:11
Google
osv.dev
6
smoothie
cross-site scripting
xss
user input sanitization
strokestyle
tooltiplabel
vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
49.6%
The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.
Related
github
github
prion
prion
Cross site scripting
2022-12-21 05:15:00
nvd
nvd
CVE-2022-25929
2022-12-21 05:15:11
osv
osv
veracode
veracode
Cross-Site Scripting (XSS)
2022-12-22 06:58:17
cvelist
cvelist
CVE-2022-25929 Cross-site Scripting (XSS)
2022-12-21 23:14:33
cve
cve
CVE-2022-25929
2022-12-21 23:14:33
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
49.6%
Related for OSV:CVE-2022-25929