Stored XSS Vulnerability in Cotonti Siena Web Application
CVE-2022-39839

4.8MEDIUM

Key Information:

Vendor: Cotonti
Status: Cotonti Siena
Vendor: CVE Published:; 5 September 2022

What is CVE-2022-39839?

A stored XSS vulnerability exists in Cotonti Siena 0.9.20, enabling authenticated administrators to inject malicious scripts through forum posts. This flaw risks exposing users to malicious payloads when they view affected content, potentially compromising user data and overall security.

References

https://github.com/Cotonti/Cotonti/issues/1661

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2022
Vulnerability Reserved
Sep 5, 2022

CVE-2022-39839 Data

JSON