CVE-2022-31290

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/idno/known

Identifiers

GHSA-g688-7j3c-h9f3, CVE-2022-31290

Package Slug

packagist/idno/known

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.

Affected Versions

All versions up to 1.3.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-07-26

source