CVE-2022-22114

Name of the Vulnerable Software and Affected Versions Teedy versions v1.5 through v1.9

Description The issue concerns Reflected Cross-Site Scripting (XSS) in the "search term" search functionality, which is not sufficiently sanitized, allowing the injection of arbitrary scripts. These scripts are executed in a victim's browser when they enter a crafted URL. In severe cases, the victim could be a highly privileged administrator, and the injected scripts can extract the Session ID, leading to full Account Takeover by an unauthenticated attacker.

Recommendations For versions v1.5 through v1.9, consider disabling the search functionality temporarily until a patch is available to prevent the injection of arbitrary scripts. Restrict access to the search results page to minimize the risk of exploitation. Avoid using the search term functionality in the affected versions until the issue is resolved.