PT-2022-16938 · Unknown · Origin Protocol

Jorgectf +1 · Published 2022-04-20 · Updated 2022-04-28 · CVE-2022-24864

CVSS v3.1: 4.1 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Origin Protocol (affected versions not specified)

Description

The Origin Protocol project website is susceptible to malicious JavaScript injection via a POST request to "/presale/join". User-controlled data is passed without sanitization to SendGrid and injected into an email delivered to founders@originprotocol.com. If the recipient's email program is vulnerable to XSS, the recipient may receive an email carrying a malicious XSS payload. Regardless, the attacker can inject malicious HTML that modifies the email's body content.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-24864
GHSA-V6FC-QWXX-M4H7

Affected Products

Origin Protocol