CVE-2022-23077

Summary

In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.

Affected Software

VendorProductVersion RangeStatus
habiticahabiticav4.119.1 < unspecifiedaffected
habiticahabiticaunspecified <= v4.232.2affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References