CVE-2022-1536

Summary

A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert("home")</script><title> leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
unspecifiedautomad1.10.0affected
unspecifiedautomad1.10.1affected
unspecifiedautomad1.10.2affected
unspecifiedautomad1.10.3affected
unspecifiedautomad1.10.4affected
unspecifiedautomad1.10.5affected
unspecifiedautomad1.10.6affected
unspecifiedautomad1.10.7affected
unspecifiedautomad1.10.8affected
unspecifiedautomad1.10.9affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References