Cross-site Scripting in hoppscotch/hoppscotch
CVE-2022-0121

8HIGH

Key Information:

Vendor: Hoppscotch
Status: Hoppscotch/hoppscotch
Vendor: CVE Published:; 6 January 2022

What is CVE-2022-0121?

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1.

Affected Version(s)

hoppscotch/hoppscotch < 2.1.1

References

https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae733...

x_refsource_CONFIRM

https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e1...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2022
Vulnerability Reserved
Jan 5, 2022

Hoppscotch

What is CVE-2022-0121?

Affected Version(s)

References

CVSS V3.1

Timeline