PT-2022-19481 · Hydrogen · Hydrogen

Published: 2022-05-18 · Updated: 2022-06-01 · CVE-2022-29230

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Hydrogen versions 0.10.0 through 0.18.0

Description: There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This vulnerability is exploitable in applications whose hydrating data is user controlled. The Content Security Policy is not an effective mitigation for this vulnerability.

Recommendations: For Hydrogen versions 0.10.0 through 0.18.0, upgrade the project to version 0.19.0 as soon as possible, as there is no current workaround for this issue.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-29230
GHSA-6J22-WV8G-894F

Affected Products

Hydrogen