CVE-2022-1536 Information
Jun 07, 2022
cve
Description
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home
leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used.</p>
<h2 id="cvss-vector">CVSS Vector</h2>
<p>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N</p>
<h2 id="reference">Reference</h2>
<p><a href="https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md"><em><strong>https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md</strong></em></a>
<a href="https://vuldb.com/?id.198706"><em><strong>https://vuldb.com/?id.198706</strong></em></a></p>
<h2 id="attack-complexity">Attack Complexity</h2>
<p>LOW</p>
<h2 id="privileges-required">Privileges Required</h2>
<p>LOW</p>
<h2 id="user-interaction-required">User Interaction Required</h2>
<p>LOW</p>
<h2 id="scope">Scope</h2>
<p>REQUIRED</p>
<h2 id="confidentiality-impact">Confidentiality Impact</h2>
<p>CHANGED</p>
<h2 id="integrity-impact">Integrity Impact</h2>
<p>LOW</p>
<h2 id="availability-impact">Availability Impact</h2>
<p>LOW</p>
<h2 id="base-score">Base Score</h2>
<p>NONE</p>
<h2 id="base-severity">Base Severity</h2>
<p>5.4</p>
<style>
#share-buttons {display: inline-block; vertical-align: middle; }
#share-buttons:after {content: ""; display: block; clear: both;}
#share-buttons > div {
position: relative;
text-align: left;
height: 36px;
width: 32px;
float: left;
text-align: center;
}
#share-buttons > div > svg {height: 16px; fill: #09de25; margin-top: 10px;}
#share-buttons > div:hover {cursor: pointer;}
#share-buttons > div.facebook:hover > svg {fill: #09ad1e;}
#share-buttons > div.twitter:hover > svg {fill: #09ad1e;}
#share-buttons > div.linkedin:hover > svg {fill: #09ad1e;}
#share-buttons > div.pinterest:hover > svg {fill: #09ad1e;}
#share-buttons > div.gplus:hover > svg {fill: #09ad1e;}
#share-buttons > div.mail:hover > svg {fill: #09ad1e;}
#share-buttons > div.instagram:hover > svg {fill: #09ad1e;}
#share-buttons > div.facebook > svg {height: 18px; margin-top: 9px;}
#share-buttons > div.twitter > svg {height: 20px; margin-top: 8px;}
#share-buttons > div.linkedin > svg {height: 19px; margin-top: 7px;}
#share-buttons > div.pinterest > svg {height: 20px; margin-top: 9px;}
#share-buttons > div.mail > svg {height: 14px; margin-top: 11px;}
</style>
<span style="color: limegreen;">Share on: </span><div id="share-buttons">
<div class="facebook" title="Share this on Facebook" onclick="window.open('http://www.facebook.com/share.php?u=https:\/\/jamesbrine.com.au\/cve-2022-1536-information\/');"><svg viewBox="0 0 1792 1792" xmlns="http://www.w3.org/2000/svg"><path d="M1343 12v264h-157q-86 0-116 36t-30 108v189h293l-39 296h-254v759h-306v-759h-255v-296h255v-218q0-186 104-288.5t277-102.5q147 0 228 12z"/></svg></div>
<div class="twitter" title="Share this on Twitter" onclick="window.open('http://twitter.com/home?status=https:\/\/jamesbrine.com.au\/cve-2022-1536-information\/');"><svg viewBox="0 0 1792 1792" xmlns="http://www.w3.org/2000/svg"><path d="M1684 408q-67 98-162 167 1 14 1 42 0 130-38 259.5t-115.5 248.5-184.5 210.5-258 146-323 54.5q-271 0-496-145 35 4 78 4 225 0 401-138-105-2-188-64.5t-114-159.5q33 5 61 5 43 0 85-11-112-23-185.5-111.5t-73.5-205.5v-4q68 38 146 41-66-44-105-115t-39-154q0-88 44-163 121 149 294.5 238.5t371.5 99.5q-8-38-8-74 0-134 94.5-228.5t228.5-94.5q140 0 236 102 109-21 205-78-37 115-142 178 93-10 186-50z"/></svg></div>
<div class="linkedin" title="Share this on Linkedin" onclick="window.open('https://www.linkedin.com/shareArticle?mini=true&url=https:\/\/jamesbrine.com.au\/cve-2022-1536-information\/&title=&summary=&source=');"><svg viewBox="0 0 1792 1792" xmlns="http://www.w3.org/2000/svg"><path d="M477 625v991h-330v-991h330zm21-306q1 73-50.5 122t-135.5 49h-2q-82 0-132-49t-50-122q0-74 51.5-122.5t134.5-48.5 133 48.5 51 122.5zm1166 729v568h-329v-530q0-105-40.5-164.5t-126.5-59.5q-63 0-105.5 34.5t-63.5 85.5q-11 30-11 81v553h-329q2-399 2-647t-1-296l-1-48h329v144h-2q20-32 41-56t56.5-52 87-43.5 114.5-15.5q171 0 275 113.5t104 332.5z"/></svg></div>
<div class="mail" title="Share this through Email" onclick="window.open('mailto:?&body=https:\/\/jamesbrine.com.au\/cve-2022-1536-information\/');"><svg viewBox="0 0 1792 1792" xmlns="http://www.w3.org/2000/svg"><path d="M1792 710v794q0 66-47 113t-113 47h-1472q-66 0-113-47t-47-113v-794q44 49 101 87 362 246 497 345 57 42 92.5 65.5t94.5 48 110 24.5h2q51 0 110-24.5t94.5-48 92.5-65.5q170-123 498-345 57-39 100-87zm0-294q0 79-49 151t-122 123q-376 261-468 325-10 7-42.5 30.5t-54 38-52 32.5-57.5 27-50 9h-2q-23 0-50-9t-57.5-27-52-32.5-54-38-42.5-30.5q-91-64-262-182.5t-205-142.5q-62-42-117-115.5t-55-136.5q0-78 41.5-130t118.5-52h1472q65 0 112.5 47t47.5 113z"/></svg></div>
</div>
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<ins class="adsbygoogle"
style="display:block"
data-ad-format="fluid"
data-ad-layout-key="-gu-18+5g-2f-83"
data-ad-client="ca-pub-8803350446980282"
data-ad-slot="1897330987"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
</article>
</div>
</div>
</body>
</html>