5 matches found
CVE-2022-31136
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...
CVE-2022-31136
creationtimestamp| type| source ---|---|--- 2022-07-07 22:15:31+00:00| seen| https://t.me/cibsecurity/45763...
CVE-2022-31136 Cross-site Scripting in BookWyrm
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...
CVE-2022-31136
Bookwyrm (an open source social reading app) is affected by CVE-2022-31136 due to improper sanitization of HTML rendered to users in profiles, book descriptions, and statuses before version 0.4.1. The root cause is inadequate HTML sanitization which enables cross-site scripting (XSS) by unprivile...
CVE-2022-31136 Cross-site Scripting in BookWyrm
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...