VYPR
Medium severity6.1NVD Advisory· Published Feb 14, 2022· Updated Jun 17, 2026

CVE-2022-23637

CVE-2022-23637

Description

K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • K-Box/K-Boxllm-fuzzy2 versions
    <0.33.1+ 1 more
    • (no CPE)range: <0.33.1
    • (no CPE)range: < 0.33.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.