Cross-Site Scripting Vulnerability in SHIRASAGI by SS Project
CVE-2022-29485

6.1MEDIUM

Key Information:

Vendor

Shirasagi Project

Status
Shirasagi
Vendor
CVE Published:
14 June 2022

What is CVE-2022-29485?

A cross-site scripting vulnerability has been identified in SHIRASAGI versions 1.0.0 to 1.14.2, as well as version 1.15.0. This vulnerability allows remote attackers to exploit specific vectors to inject arbitrary scripts into web pages viewed by users. This threat poses significant security risks, potentially allowing for data theft, session hijacking, or defacement of web content. Organizations utilizing affected versions are strongly encouraged to update their systems to the latest secure version to mitigate these risks. For further information and support, you can refer to the links provided.

Affected Version(s)

SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0

References

https://www.ss-proj.org/
x_refsource_MISC
https://github.com/shirasagi/shirasagi
x_refsource_MISC
https://www.ss-proj.org/support/843.html
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.