{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-32171","assignerOrgId":"478c68dd-22c1-4a41-97cd-654224dfacff","assignerShortName":"Mend","datePublished":"2022-10-06T17:14:15.732Z","dateUpdated":"2024-09-17T01:41:50.446Z","dateReserved":"2022-05-31T00:00:00.000Z"},"containers":{"cna":{"title":"Zinc - Stored XSS","datePublic":"2022-09-28T00:00:00.000Z","providerMetadata":{"orgId":"478c68dd-22c1-4a41-97cd-654224dfacff","shortName":"Mend","dateUpdated":"2022-10-11T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user that has an XSS payload in the user ID field, the JavaScript payload is executed, allowing an attacker to access the authenticated user’s credentials."}],"affected":[{"vendor":"zinc","product":"zinc","versions":[{"version":"v0.1.9","status":"affected","lessThan":"unspecified","versionType":"custom"},{"version":"unspecified","lessThanOrEqual":"v0.3.1","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d"},{"url":"https://www.mend.io/vulnerability-database/CVE-2022-32171"}],"credits":[{"lang":"en","value":"Mend Vulnerability Research Team (MVR)"}],"metrics":[{"other":{"type":"unknown","content":{"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","version":3.1,"baseScore":5.4,"baseSeverity":"MEDIUM"}}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"https://www.mend.io/vulnerability-database/","discovery":"UNKNOWN"},"solutions":[{"lang":"en","value":"Update version to v0.3.2 or later"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T07:32:55.958Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d","tags":["x_transferred"]},{"url":"https://www.mend.io/vulnerability-database/CVE-2022-32171","tags":["x_transferred"]}]}]}}