CVE-2022-2925

描述

Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names.

受影響套件(1)

• Packagist/appwrite/server-cefrom 0, < 1.0.0-RC1

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-2925
• PATCHhttps://github.com/appwrite/appwrite
• WEBhttps://drive.google.com/file/d/1JoMQy1KTodVtIVOzH3vKcC3AwZz0PrFb/view?usp=sharing
• WEBhttps://github.com/appwrite/appwrite/commit/b5b4d92623c13fa8e5c71736db461e81fb7a7ade
• WEBhttps://huntr.dev/bounties/a3b4148f-165f-4583-abed-5568696d99dc