CVE-2022-39240
CVE-2022-39240 affects MyGraph (permission management system). Versions prior to 1.0.4 are vulnerable to a storage XSS that can lead to Remote Code Execution; a fix is available in 1.0.4. Exploitation PoC exists per the advisory metrics; no publicly known workaround beyond upgrading to 1.0.4.