Lucene search

PRIOn knowledge basePRION:CVE-2022-42225

HistoryMay 24, 2023 - 8:15 p.m.

Cross site scripting

2023-05-2420:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

jumpserver

version 2.10.0

version 2.26.0

stored xss

improper filtering

user input

admin permission

nvd

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin’s permission.

CPENameOperatorVersion
linage2.10.0
linale2.26.0

CPE	Name	Operator	Version
	lina	ge	2.10.0
	lina	le	2.26.0

References

gist.github.com/bybit-sec/eb750c1d906c89e97092b29015472738

github.com/jumpserver/lina/blob/v2.10.0/src/views/settings/SystemMessageSubscription/SelectDialog.vue

github.com/jumpserver/lina/blob/v2.11.0/src/layout/components/NavHeader/SiteMessages.vue

github.com/jumpserver/lina/blob/v2.26.0/src/views/tickets/components/Comments.vue

github.com/jumpserver/lina/pull/2264