Cross-Site Scripting Flaw in Jorani by bbalet
CVE-2022-48118

6.1MEDIUM

Key Information:

Vendor: Jorani
Status: Jorani
Vendor: CVE Published:; 27 January 2023

What is CVE-2022-48118?

Jorani version 1.0 contains a cross-site scripting (XSS) vulnerability that can be exploited through manipulation of the Acronym parameter. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information and leading to unauthorized actions. Users are advised to implement security measures to mitigate the risk posed by this vulnerability.

References

https://github.com/bbalet/jorani/issues/379

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2023
Vulnerability Reserved
Dec 29, 2022

JSON