CVE-2022-46165

creationtimestamp| type| source ---|---|--- 2025-01-07 18:37:29+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/504...

openSUSE: Security Advisory for syncthing (openSUSE-SU-2023:0126-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 38 : syncthing (2023-39eb10ec3c)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-39eb10ec3c advisory. Update to version 1.23.5. Addresses CVE-2022-46165. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVE-2022-46165

Syncthing (open source file sync) is vulnerable in versions prior to 1.23.5 due to a stored cross-site scripting (XSS) issue in the Web UI when sharing folders. An attacker could abuse shared folders to cause HTML/JavaScript in file names, and, if the user interacts with the UI (e.g., moves the m...

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...