CVE-2022-1536

Name of the Vulnerable Software and Affected Versions automad versions up to 1.10.9

Description A problematic issue has been found in the Dashboard, where the manipulation of the title argument with a specific input, such as Home</title><script>alert("home")</script><title>, leads to a cross-site scripting issue. The attack can be initiated remotely but requires authentication. The details of the exploit have been disclosed to the public and may be used.

Recommendations For versions up to 1.10.9, consider disabling the Dashboard or restricting access to it until a patch is available. As a temporary workaround, avoid using the title argument in the affected area to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.