PT-2022-20473 · Adminlte · Adminlte

Pj1234678 · Published 2022-07-07 · Updated 2022-12-23 · CVE-2022-31029

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: AdminLTE (affected versions not specified)
Description: The issue allows an attacker to execute scripts by inserting malicious code, such as <script>alert("XSS")</script>, into the "Domain to look for" field and then triggering execution by pressing Enter or clicking any of the buttons. Exploitation requires the attacker to be logged in, which is typically limited to administrators, reducing the risk. There are no known instances of this issue being exploited in real-world attacks.
Recommendations: Upgrade to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the "Domain to look for" field to minimize the risk of exploitation.
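The description above amounts to a text field whose value is echoed into the page without validation or output encoding. The following is an added illustration of the two controls that close that gap, written for this record and not taken from AdminLTE's code; the function names, the regular expression and the `Results for:` markup are assumptions, and the only input value used is the `<script>alert("XSS")</script>` string quoted in the description.

```javascript
// Added example (not AdminLTE's code): how a value typed into a "Domain to look for"
// field is kept from being interpreted as markup when it is shown back to the user.
// All names here are hypothetical.

// 1. Input validation: accept only a plausible hostname. Each label is 1-63 chars of
//    letters, digits and hyphens, hyphens not at either end; whole name at most 253 chars.
const LABEL = /^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$/;

function isValidDomain(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 253) return false;
  return input.split(".").every((label) => LABEL.test(label));
}

// 2. Output encoding: the five HTML metacharacters become entities, so whatever the
//    value contains can only ever render as text.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable shape: raw concatenation into markup. Any tag in `domain` survives intact.
function renderLookupUnsafe(domain) {
  return `<p>Results for: ${domain}</p>`;
}

// Hardened shape: validate first, then encode on output. Rejected input is still shown,
// but encoded, so the user sees what was refused without the browser executing it.
function renderLookupSafe(domain) {
  if (!isValidDomain(domain)) {
    return `<p class="error">Not a valid domain name: ${escapeHtml(domain)}</p>`;
  }
  return `<p>Results for: ${escapeHtml(domain)}</p>`;
}

// In a real page, prefer the DOM API over building strings at all:
//   const p = document.createElement("p");
//   p.textContent = `Results for: ${domain}`;   // textContent never parses markup
// The string-based version above exists only so the contrast is visible offline.

// Constructed input: the exact string quoted in the advisory description.
const ADVISORY_PAYLOAD = '<script>alert("XSS")</script>';

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderLookupUnsafe(ADVISORY_PAYLOAD)); // the <script> tag is passed through
  console.log(renderLookupSafe(ADVISORY_PAYLOAD));   // rendered as inert, visible text
  console.log(renderLookupSafe("example.com"));      // normal value, unchanged
}
```

The validator is the control that makes the "restrict access to the field" workaround less necessary: a hostname has no room for angle brackets or quotes, so anything carrying them is refused before it reaches the lookup. The encoder is the control that still protects the page if validation is ever loosened.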

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-31029
GHSA-CFR5-RQM5-9VHP

Affected Products

Adminlte