CVE-2022-32171
Published Oct 6, 2022
Last updated 6 months ago
- Description
- In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials.
- Source
- vulnerabilitylab@mend.io
- NVD status
- Modified
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zinclabs:zinc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A981E9CE-9302-4521-8705-DA42A2ADBF2F",
"versionEndIncluding": "0.3.1",
"versionStartIncluding": "0.1.9"
}
],
"operator": "OR"
}
]
}
]