Reflected XSS Vulnerability in Cerebrate by Cerebrate Project
CVE-2022-25317

6.1MEDIUM

Key Information:

Vendor: Cerebrate-project
Status: Cerebrate
Vendor: CVE Published:; 18 February 2022

🔔 Create Cerebrate-project Vulnerability Alert

What is CVE-2022-25317?

A reflection XSS vulnerability exists in Cerebrate's genericForm feature, allowing attackers to exploit user-controlled form descriptions. This issue could allow malicious actors to inject scripts into web pages viewed by other users, potentially leading to data theft or other malicious outcomes. It is essential for users and administrators to update their systems to the latest version to mitigate this risk.

References

https://github.com/cerebrate-project/cerebrate/commit/e60...

https://zigrin.com/advisories/cerebrate-reflected-xss-in-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Feb 18, 2022

CVE-2022-25317 Data

JSON