Vulnerabilities > CVE-2022-32171 - Unspecified vulnerability in Zinclabs Zinc

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

zinclabs

NVD

Published: 2022-10-06

Updated: 2024-11-21

Summary

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials.

Vulnerable Configurations

Part	Description	Count
Application	Zinclabs Zinclabs Zinc 0.1.9 Zinclabs Zinc 0.2.0 Zinclabs Zinc 0.2.1 Zinclabs Zinc 0.2.2 Zinclabs Zinc 0.2.3 Zinclabs Zinc 0.2.4 Zinclabs Zinc 0.2.5 Zinclabs Zinc 0.2.6 Zinclabs Zinc 0.2.7 Zinclabs Zinc 0.2.8 Zinclabs Zinc 0.2.9 Zinclabs Zinc 0.3.0 Zinclabs Zinc 0.3.1	13

References

https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d
https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d
https://www.mend.io/vulnerability-database/CVE-2022-32171
https://www.mend.io/vulnerability-database/CVE-2022-32171