Unrated severityNVD Advisory· Published Aug 17, 2022· Updated Aug 3, 2024
CVE-2022-35133
CVE-2022-35133
Description
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.
Affected products
4- CherryTree/CherryTreedescription
- Range: =0.99.30
- osv-coords2 versionspkg:rpm/opensuse/cherrytree&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/cherrytree&distro=SUSE%20Package%20Hub%2015%20SP4
< 0.99.49+3-bp154.2.3.2+ 1 more
- (no CPE)range: < 0.99.49+3-bp154.2.3.2
- (no CPE)range: < 0.99.49+3-bp154.2.3.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/viewmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.