CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2026/01/09 8:41 a.m.•7 views

CVE-2022-0372

Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...

7.6CVSS5.8AI score0.00263EPSS

Exploits1References1

Veracode•added 2022/01/28 3:27 a.m.•22 views

Cross-site Scripting (XSS)

bytefury/crater is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary code on victim's browser via a crafted .SVG file with Javascript embedded into it...

5.4CVSS3.4AI score0.00263EPSS

Exploits1References4Affected Software1

ATTACKERKB•added 2022/01/27 8:15 a.m.•3 views

CVE-2022-0372

Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...

7.6CVSS6.5AI score0.00263EPSS

Exploits1References3

NVD•added 2022/01/27 8:15 a.m.•17 views

CVE-2022-0372

Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...

7.6CVSS0.00263EPSS

Exploits1References2

Prion•added 2022/01/27 8:15 a.m.•15 views

Cross site scripting

Cross-site Scripting XSS - Stored in Packagist bytefury/crater prior to 6.0.2...

3.5CVSS5.2AI score0.00263EPSS

Exploits1References2Affected Software1

CVE•added 2022/01/27 7:35 a.m.•67 views

CVE-2022-0372

CVE-2022-0372 is a Stored XSS vulnerability in Crater’s packaging (bytefury/crater) prior to version 6.0.2. The issue is triggered by storing XSS content, allowing injected script to run in victims’ browsers. Affected software is Crater Invoice, specifically the bytefury/crater package before 6.0...

7.6CVSS5.3AI score0.00263EPSS

Exploits1References2Affected Software1