Moderate severityNVD Advisory· Published Oct 6, 2022· Updated Sep 16, 2024
Zinc - Cross-Site Scripting
CVE-2022-32172
Description
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/zincsearch/zincsearchGo | >= 0.1.9, < 0.3.2 | 0.3.2 |
github.com/zinclabs/zincGo | >= 0.1.9, < 0.3.2 | 0.3.2 |
Affected products
3- ghsa-coords2 versions
>= 0.1.9, < 0.3.2+ 1 more
- (no CPE)range: >= 0.1.9, < 0.3.2
- (no CPE)range: >= 0.1.9, < 0.3.2
- zinc/zincv5Range: v0.1.9
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-7j6x-42mm-p7jmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-32172ghsaADVISORY
- github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322dghsaWEB
- github.com/zincsearch/zincsearch/commit/3376c248bade163430f9347742428f0a82cd322dghsaWEB
- www.mend.io/vulnerability-database/CVE-2022-32172ghsaWEB
News mentions
0No linked articles in our index yet.