CVE-2022-35133 — Vulnetix

CVE-2022-35133 PUBLISHED

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.

EPSS 0.27% · 50.7th percentile

Risk Scores

EPSS Score

0.27%

50.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
cherrytree_project	cherrytree	0.99.30

Exploit Intelligence

https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing (circl)

Timeline

Aug 17, 2022 CVE Published
Aug 18, 2022 EPSS Score
Oct 3, 2022 EPSS Score
Nov 18, 2022 EPSS Score
Jan 3, 2023 EPSS Score
Feb 18, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 4, 2023 EPSS Score
May 20, 2023 EPSS Score
Jul 5, 2023 EPSS Score
Aug 20, 2023 EPSS Score
Oct 5, 2023 EPSS Score

References

https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing url
https://nvd.nist.gov/vuln/detail/CVE-2022-35133 advisory

Open in Interactive Console →