QwikSec

Security Database

CVE

CWE

Training

CVE-2022-32172

Published: Oct 6, 2022

Modified: Sep 16, 2024

PUBLISHED

Description

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials.

Vendor	Product	Versions
zinc	zinc	affected `v0.1.9 - < unspecified` affected `unspecified - <= v0.3.1`

Weaknesses (CWE)

References

https://www.mend.io/vulnerability-database/CVE-2022-32172

https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.