CVE-2022-31290

描述

A cross-site scripting (XSS) vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the `dev` branch of the idno/known repository.

受影響套件(1)

• Packagist/idno/knownfrom 0, <= 1.3.1

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-31290
• PATCHhttps://github.com/idno/known
• WEBhttp://docs.withknown.com/en/latest/install/index.html
• WEBhttps://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software
• WEBhttps://withknown.com