CVE-2022-2036
Published: 2022-06-09
CVE-2022-2036: Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
Priority: P4 24 | Severity: medium | CVSS 3.1 base score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.84% (53.4th percentile)
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francoisjacquet | francoisjacquet_rosariosis | >= unspecified < 9.0.1 | 9.0.1 |
| francoisjacquet | rosariosis | >= 0 < 9.1 | 9.1 |
| rosariosis | rosariosis | < 9.0.1 | 9.0.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| NVD | 3.0 | 9.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| NVD | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
GHSA (2022-06-10): Cross site scripting in francoisjacquet/rosariosis
CVE-2022-2036 [MEDIUM] CWE-79
A Cross-site Scripting (XSS) vulnerability exists in GitHub repository francoisjacquet/rosariosis prior to 9.1. HTML entities are not properly decoded from the URL.
OSV (2022-06-10): Cross site scripting in francoisjacquet/rosariosis
CVE-2022-2036 [MEDIUM]
A Cross-site Scripting (XSS) vulnerability exists in GitHub repository francoisjacquet/rosariosis prior to 9.1. HTML entities are not properly decoded from the URL.
Suricata (2022-05-27): ET EXPLOIT Potential External VMware vRealize Automation Authentication Bypass Vulnerability
Indexed rule references CVE-2022-22972 (VMware vRealize Automation), not CVE-2022-2036.
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Potential External VMware vRealize Automation Authentication Bypass Vulnerability"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/SAAS/auth/login/embeddedauthbroker/callback"; fast_pattern; http.content_type; content:"application/x-www-form-urlencoded"; http.request_body; content:"protected_state"; content:"userstore"; content:"username"; content:"password"; content:"userstoreDisplay"; content:"horizonRelayState"; content:"stickyConnectorId"; content:"action"; reference:url,horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/; classtype:attempted-admin; sid:2036
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a
https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905
Published: 2022-06-09