Vulnerability-Lookup

CVE-2022-25317 (GCVE-0-2022-25317)

Vulnerability from cvelistv5 – Published: 2022-02-18 00:00 – Updated: 2024-08-03 04:36

Summary

An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Assigner

mitre

References

2 references

URL	Tags
https://github.com/cerebrate-project/cerebrate/co…
https://zigrin.com/advisories/cerebrate-reflected…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:06.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-28T13:05:24.628Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
        },
        {
          "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-25317",
    "datePublished": "2022-02-18T00:00:00.000Z",
    "dateReserved": "2022-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-03T04:36:06.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-25317",
      "date": "2026-06-02",
      "epss": "0.0024",
      "percentile": "0.47412"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.4\", \"matchCriteriaId\": \"94801AF4-44EE-499D-AD31-99E3EA6C79E2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema en Cerebrate versiones hasta 1.4. genericForm permite reflejar un ataque de tipo XSS en las descripciones de los formularios por medio de una descripci\\u00f3n controlada por el usuario\"}]",
      "id": "CVE-2022-25317",
      "lastModified": "2024-11-21T06:51:59.260",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-02-18T06:15:10.357",
      "references": "[{\"url\": \"https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-25317\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-02-18T06:15:10.357\",\"lastModified\":\"2024-11-21T06:51:59.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en Cerebrate versiones hasta 1.4. genericForm permite reflejar un ataque de tipo XSS en las descripciones de los formularios por medio de una descripci\u00f3n controlada por el usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4\",\"matchCriteriaId\":\"94801AF4-44EE-499D-AD31-99E3EA6C79E2\"}]}]}],\"references\":[{\"url\":\"https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2022-77054

Vulnerability from cnvd - Published: 2022-11-15

Title

Cerebrate存在未明漏洞（CNVD-2022-77054）

Description

Cerebrate是一个开源平台。旨在充当受信任的联系信息提供者和其他安全工具的互连协调器。 Cerebrate 1.4存在安全漏洞，该漏洞源于genericForm允许通过用户控制的描述在表单描述中反射XSS。目前没有详细漏洞细节提供。

Severity

中

Patch Name

Cerebrate存在未明漏洞（CNVD-2022-77054）的补丁

Patch Description

Cerebrate是一个开源平台。旨在充当受信任的联系信息提供者和其他安全工具的互连协调器。 Cerebrate 1.4存在安全漏洞，该漏洞源于genericForm允许通过用户控制的描述在表单描述中反射XSS。目前没有详细漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238

Reference

https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238

Impacted products

Name
Cerebrate project Cerebrate 1.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-25317",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-25317"
    }
  },
  "description": "Cerebrate\u662f\u4e00\u4e2a\u5f00\u6e90\u5e73\u53f0\u3002\u65e8\u5728\u5145\u5f53\u53d7\u4fe1\u4efb\u7684\u8054\u7cfb\u4fe1\u606f\u63d0\u4f9b\u8005\u548c\u5176\u4ed6\u5b89\u5168\u5de5\u5177\u7684\u4e92\u8fde\u534f\u8c03\u5668\u3002\n\nCerebrate 1.4\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8egenericForm\u5141\u8bb8\u901a\u8fc7\u7528\u6237\u63a7\u5236\u7684\u63cf\u8ff0\u5728\u8868\u5355\u63cf\u8ff0\u4e2d\u53cd\u5c04XSS\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-77054",
  "openTime": "2022-11-15",
  "patchDescription": "Cerebrate\u662f\u4e00\u4e2a\u5f00\u6e90\u5e73\u53f0\u3002\u65e8\u5728\u5145\u5f53\u53d7\u4fe1\u4efb\u7684\u8054\u7cfb\u4fe1\u606f\u63d0\u4f9b\u8005\u548c\u5176\u4ed6\u5b89\u5168\u5de5\u5177\u7684\u4e92\u8fde\u534f\u8c03\u5668\u3002\r\n\r\nCerebrate 1.4\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8egenericForm\u5141\u8bb8\u901a\u8fc7\u7528\u6237\u63a7\u5236\u7684\u63cf\u8ff0\u5728\u8868\u5355\u63cf\u8ff0\u4e2d\u53cd\u5c04XSS\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cerebrate\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-77054\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cerebrate project Cerebrate 1.4"
  },
  "referenceLink": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238",
  "serverity": "\u4e2d",
  "submitTime": "2022-02-22",
  "title": "Cerebrate\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-77054\uff09"
}

FKIE_CVE-2022-25317

Vulnerability from fkie_nvd - Published: 2022-02-18 06:15 - Updated: 2024-11-21 06:51

Severity

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.

References

URL	Tags
cve@mitre.org	https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238	Patch, Third Party Advisory
cve@mitre.org	https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/
af854a3a-2127-422b-91ae-364da2661108	https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/

Impacted products

	Vendor	Product	Version
	cerebrate-project	cerebrate	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94801AF4-44EE-499D-AD31-99E3EA6C79E2",
              "versionEndIncluding": "1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Cerebrate versiones hasta 1.4. genericForm permite reflejar un ataque de tipo XSS en las descripciones de los formularios por medio de una descripci\u00f3n controlada por el usuario"
    }
  ],
  "id": "CVE-2022-25317",
  "lastModified": "2024-11-21T06:51:59.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-18T06:15:10.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FF7H-W5RR-X7JC

Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2023-09-28 15:30

Details

An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.

Severity

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-25317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-18T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.",
  "id": "GHSA-ff7h-w5rr-x7jc",
  "modified": "2023-09-28T15:30:16Z",
  "published": "2022-02-19T00:01:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25317"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
    },
    {
      "type": "WEB",
      "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-25317

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.

Aliases

CVE-2022-25317

Aliases

CVE-2022-25317

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-25317",
    "description": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.",
    "id": "GSD-2022-25317"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-25317"
      ],
      "details": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.",
      "id": "GSD-2022-25317",
      "modified": "2023-12-13T01:19:26.949742Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-25317",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238",
            "refsource": "MISC",
            "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
          },
          {
            "name": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/",
            "refsource": "MISC",
            "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-25317"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
            },
            {
              "name": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-09-28T14:15Z",
      "publishedDate": "2022-02-18T06:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-25317 (GCVE-0-2022-25317)

CNVD-2022-77054

FKIE_CVE-2022-25317

GHSA-FF7H-W5RR-X7JC

GSD-2022-25317

Tags

Sightings

Nomenclature