Lucene search
PRIOn knowledge basePRION:CVE-2022-23637HistoryFeb 14, 2022 - 9:15 p.m.
Cross site scripting
2022-02-1421:15:00
PRIOn knowledge base
www.prio-n.com
2
0.001 Low
EPSS
Percentile
19.5%
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.
Related
osv
osv
CVE-2022-23637
2022-02-14 21:15:09
cve
cve
CVE-2022-23637
2022-02-14 21:15:09
cnvd
cnvd
K-Box Cross-Site Scripting Vulnerability
2022-02-16 00:00:00
cvelist
cvelist
CVE-2022-23637 Stored Cross-Site-Scripting (XSS) in Markdown Editor
2022-02-14 20:45:11
nvd
nvd
CVE-2022-23637
2022-02-14 21:15:09