CVE-2022-23051

Name of the Vulnerable Software and Affected Versions PeteReport version 0.5

Description The issue allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the svg file parameter. This enables the execution of malicious code, potentially leading to security breaches.

Recommendations For PeteReport version 0.5, consider disabling the ability to add 'Attack Tree' elements or restrict modifications to the svg file parameter until a patch is available. As a temporary workaround, limit access to admin users and monitor for any suspicious activity related to JavaScript code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.