Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities by kromit
CVE-2026-21695 (GCVE-0-2026-21695)
Vulnerability from cvelistv5 – Published: 2026-01-07 23:19 – Updated: 2026-01-08 18:16
VLAI
Title
Titra API Contains Mass Assignment Vulnerability
Summary
Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint uses the JavaScript spread operator (...customfields) to merge user-controlled input directly into the database document. While customfields is validated as an Object type, there is no validation of which keys are permitted inside that object. This allows attackers to overwrite protected fields such as userId, hours, and state. The issue is fixed in version 0.99.50.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kromitgmbh/titra/security/advi… | x_refsource_CONFIRM |
| https://github.com/kromitgmbh/titra/commit/29e6b8… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | titra |
Affected:
< 0.99.50
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21695",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T15:06:15.389331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T18:16:33.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-gc65-vr47-jppq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "titra",
"vendor": "kromitgmbh",
"versions": [
{
"status": "affected",
"version": "\u003c 0.99.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint uses the JavaScript spread operator (...customfields) to merge user-controlled input directly into the database document. While customfields is validated as an Object type, there is no validation of which keys are permitted inside that object. This allows attackers to overwrite protected fields such as userId, hours, and state. The issue is fixed in version 0.99.50."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T23:19:01.616Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-gc65-vr47-jppq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-gc65-vr47-jppq"
},
{
"name": "https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938"
}
],
"source": {
"advisory": "GHSA-gc65-vr47-jppq",
"discovery": "UNKNOWN"
},
"title": "Titra API Contains Mass Assignment Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21695",
"datePublished": "2026-01-07T23:19:01.616Z",
"dateReserved": "2026-01-02T18:45:27.397Z",
"dateUpdated": "2026-01-08T18:16:33.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21694 (GCVE-0-2026-21694)
Vulnerability from cvelistv5 – Published: 2026-01-07 23:10 – Updated: 2026-01-08 19:23
VLAI
Title
Titra APIs have Improper Access Control
Summary
Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.
Severity
6.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kromitgmbh/titra/security/advi… | x_refsource_CONFIRM |
| https://github.com/kromitgmbh/titra/commit/29e6b8… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | titra |
Affected:
< 0.99.50
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21694",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T19:23:45.425198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T19:23:48.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "titra",
"vendor": "kromitgmbh",
"versions": [
{
"status": "affected",
"version": "\u003c 0.99.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users\u0027 time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T23:10:48.362Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c"
},
{
"name": "https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938"
}
],
"source": {
"advisory": "GHSA-mr2r-wjf8-cj3c",
"discovery": "UNKNOWN"
},
"title": "Titra APIs have Improper Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21694",
"datePublished": "2026-01-07T23:10:48.362Z",
"dateReserved": "2026-01-02T18:45:27.397Z",
"dateUpdated": "2026-01-08T19:23:48.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69288 (GCVE-0-2025-69288)
Vulnerability from cvelistv5 – Published: 2025-12-31 21:55 – Updated: 2026-01-02 14:35
VLAI
Title
Titra has Remote Code Execution in Admin Functionality
Summary
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/kromitgmbh/titra/security/advi… | x_refsource_CONFIRM |
| https://github.com/kromitgmbh/titra/commit/2e2ac5… | x_refsource_MISC |
| https://github.com/kromitgmbh/titra/releases/tag/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | titra |
Affected:
< 0.99.49
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69288",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:16:04.622176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:35:24.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "titra",
"vendor": "kromitgmbh",
"versions": [
{
"status": "affected",
"version": "\u003c 0.99.49"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T21:55:44.667Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr"
},
{
"name": "https://github.com/kromitgmbh/titra/commit/2e2ac5cbeed47a76720b21c7fde0214a242e065e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/2e2ac5cbeed47a76720b21c7fde0214a242e065e"
},
{
"name": "https://github.com/kromitgmbh/titra/releases/tag/0.99.49",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/releases/tag/0.99.49"
}
],
"source": {
"advisory": "GHSA-pqgx-6wg3-gmvr",
"discovery": "UNKNOWN"
},
"title": "Titra has Remote Code Execution in Admin Functionality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-69288",
"datePublished": "2025-12-31T21:55:44.667Z",
"dateReserved": "2025-12-31T16:39:43.832Z",
"dateUpdated": "2026-01-02T14:35:24.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2595 (GCVE-0-2022-2595)
Vulnerability from cvelistv5 – Published: 2022-08-01 14:13 – Updated: 2024-08-03 00:46
VLAI
Title
Improper Authorization in kromitgmbh/titra
Summary
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
Severity
9.8 (Critical)
CWE
- CWE-285 - Improper Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9… | x_refsource_CONFIRM |
| https://github.com/kromitgmbh/titra/commit/fe8c3c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | kromitgmbh/titra |
Affected:
unspecified , < 0.79.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:02.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kromitgmbh/titra",
"vendor": "kromitgmbh",
"versions": [
{
"lessThan": "0.79.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T14:13:06.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
}
],
"source": {
"advisory": "1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in kromitgmbh/titra",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2595",
"STATE": "PUBLIC",
"TITLE": "Improper Authorization in kromitgmbh/titra"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kromitgmbh/titra",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.79.1"
}
]
}
}
]
},
"vendor_name": "kromitgmbh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
},
{
"name": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5",
"refsource": "MISC",
"url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
}
]
},
"source": {
"advisory": "1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2595",
"datePublished": "2022-08-01T14:13:06.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:46:02.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2098 (GCVE-0-2022-2098)
Vulnerability from cvelistv5 – Published: 2022-06-16 09:50 – Updated: 2024-08-03 00:24
VLAI
Title
Weak Password Requirements in kromitgmbh/titra
Summary
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
Severity
7.1 (High)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a5d6c854-e158-49e9-bf4… | x_refsource_CONFIRM |
| https://github.com/kromitgmbh/titra/commit/7f0907… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | kromitgmbh/titra |
Affected:
unspecified , < 0.78.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kromitgmbh/titra",
"vendor": "kromitgmbh",
"versions": [
{
"lessThan": "0.78.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T09:50:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
}
],
"source": {
"advisory": "a5d6c854-e158-49e9-bf40-bddc93dda7e6",
"discovery": "EXTERNAL"
},
"title": "Weak Password Requirements in kromitgmbh/titra",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2098",
"STATE": "PUBLIC",
"TITLE": "Weak Password Requirements in kromitgmbh/titra"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kromitgmbh/titra",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.78.1"
}
]
}
}
]
},
"vendor_name": "kromitgmbh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
},
{
"name": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1",
"refsource": "MISC",
"url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
}
]
},
"source": {
"advisory": "a5d6c854-e158-49e9-bf40-bddc93dda7e6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2098",
"datePublished": "2022-06-16T09:50:10.000Z",
"dateReserved": "2022-06-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2026 (GCVE-0-2022-2026)
Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24
VLAI
Title
Cross-site Scripting (XSS) - Stored in kromitgmbh/titra
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.
Severity
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kromitgmbh/titra/commit/e606b6… | x_refsource_MISC |
| https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | kromitgmbh/titra |
Affected:
unspecified , < 0.77.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kromitgmbh/titra",
"vendor": "kromitgmbh",
"versions": [
{
"lessThan": "0.77.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T08:35:28.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
}
],
"source": {
"advisory": "dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in kromitgmbh/titra",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2026",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in kromitgmbh/titra"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kromitgmbh/titra",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.77.0"
}
]
}
}
]
},
"vendor_name": "kromitgmbh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
"refsource": "MISC",
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"name": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
}
]
},
"source": {
"advisory": "dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2026",
"datePublished": "2022-06-08T08:35:28.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2027 (GCVE-0-2022-2027)
Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24
VLAI
Title
Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.
Severity
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kromitgmbh/titra/commit/e606b6… | x_refsource_MISC |
| https://huntr.dev/bounties/fb99c27c-7eaa-48db-be3… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | kromitgmbh/titra |
Affected:
unspecified , < 0.77.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kromitgmbh/titra",
"vendor": "kromitgmbh",
"versions": [
{
"lessThan": "0.77.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T08:35:23.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
}
],
"source": {
"advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2027",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kromitgmbh/titra",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.77.0"
}
]
}
}
]
},
"vendor_name": "kromitgmbh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
"refsource": "MISC",
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"name": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
}
]
},
"source": {
"advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2027",
"datePublished": "2022-06-08T08:35:23.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2028 (GCVE-0-2022-2028)
Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24
VLAI
Title
Cross-site Scripting (XSS) - Generic in kromitgmbh/titra
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.
Severity
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kromitgmbh/titra/commit/e606b6… | x_refsource_MISC |
| https://huntr.dev/bounties/588fb241-bc8f-40fc-82a… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | kromitgmbh/titra |
Affected:
unspecified , < 0.77.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kromitgmbh/titra",
"vendor": "kromitgmbh",
"versions": [
{
"lessThan": "0.77.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T08:35:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
}
],
"source": {
"advisory": "588fb241-bc8f-40fc-82a4-df249956d69f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in kromitgmbh/titra",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2028",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Generic in kromitgmbh/titra"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kromitgmbh/titra",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.77.0"
}
]
}
}
]
},
"vendor_name": "kromitgmbh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
"refsource": "MISC",
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
},
{
"name": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
}
]
},
"source": {
"advisory": "588fb241-bc8f-40fc-82a4-df249956d69f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2028",
"datePublished": "2022-06-08T08:35:18.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2029 (GCVE-0-2022-2029)
Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24
VLAI
Title
Cross-site Scripting (XSS) - DOM in kromitgmbh/titra
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.
Severity
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/9052a874-634c-473e-a2b… | x_refsource_CONFIRM |
| https://github.com/kromitgmbh/titra/commit/e606b6… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kromitgmbh | kromitgmbh/titra |
Affected:
unspecified , < 0.77.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kromitgmbh/titra",
"vendor": "kromitgmbh",
"versions": [
{
"lessThan": "0.77.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T08:35:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
}
],
"source": {
"advisory": "9052a874-634c-473e-a2b3-65112181543f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in kromitgmbh/titra",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2029",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - DOM in kromitgmbh/titra"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kromitgmbh/titra",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.77.0"
}
]
}
}
]
},
"vendor_name": "kromitgmbh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
},
{
"name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
"refsource": "MISC",
"url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
}
]
},
"source": {
"advisory": "9052a874-634c-473e-a2b3-65112181543f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2029",
"datePublished": "2022-06-08T08:35:13.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}