A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-17T20:38:00
Updated: 2022-08-17T20:37:45
Reserved: 2022-07-04T00:00:00
Link: CVE-2022-35133
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-17T21:15:09.477
Modified: 2022-08-19T01:31:39.180
Link: CVE-2022-35133
JSON object: View
Redhat Information
No data.
CWE