Closed
Description
In GitHub Security Advisory GHSA-7j6x-42mm-p7jm, there is a vulnerability in the following Go packages or modules:
Unit | Fixed | Vulnerable Ranges |
---|---|---|
github.com/zinclabs/zinc | 0.3.2 | >= 0.1.9, < 0.3.2 |
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
```yaml
modules:
    - module: github.com/zinclabs/zinc
      versions:
        - introduced: 0.1.9
          fixed: 0.3.2
      vulnerable_at: 0.3.1
      packages:
        - package: github.com/zinclabs/zinc
    - module: github.com/zinclabs/zinc
      versions:
        - introduced: 0.1.9
          fixed: 0.3.2
      vulnerable_at: 0.3.1
      packages:
        - package: github.com/zincsearch/zincsearch
summary: Zinc Cross-site Scripting vulnerability
description: |-
    In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site
    Scripting when using the delete template functionality. When an authenticated
    user deletes a template with a XSS payload in the name field, the Javascript
    payload will be executed and allow an attacker to access the user’s
    credentials.
cves:
    - CVE-2022-32172
ghsas:
    - GHSA-7j6x-42mm-p7jm
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2022-32172
    - fix: https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d
    - web: https://www.mend.io/vulnerability-database/CVE-2022-32172
    - fix: https://github.com/zincsearch/zincsearch/commit/3376c248bade163430f9347742428f0a82cd322d
    - advisory: https://github.com/advisories/GHSA-7j6x-42mm-p7jm
```