CVE-2022-31290
Published 2022-07-08
Priority: P4 · 22 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.68% (47.9th percentile)
A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idno | known | 0 – 1.3.1 | — |
| withknown | known | <= 1.3.1 | — |
CVSS provenance
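| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |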
GHSA
Known v1.3.1 Cross-site Scripting
ghsa·2022-07-09
CVE-2022-31290 [MEDIUM] CWE-79 Known v1.3.1 Cross-site Scripting
A cross-site scripting (XSS) vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.
The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the `dev` branch of the idno/known repository.
OSV
Known v1.3.1 Cross-site Scripting
osv·2022-07-09
CVE-2022-31290 [MEDIUM] Known v1.3.1 Cross-site Scripting
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://docs.withknown.com/en/latest/install/index.html
https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/
https://github.com/idno/known
https://withknown.com/