CVE-2022-34009

Name of the Vulnerable Software and Affected Versions Fossil version 2.18

Description The issue allows attackers to cause a denial of service, resulting in a daemon crash, by utilizing an XSS payload in a ticket. This happens because ticket data is stored in a temporary file, and the product fails to handle the file's absence properly after it has been flagged as malware by Windows Defender.

Recommendations For Fossil version 2.18, consider updating to a newer version that addresses this issue, or as a temporary workaround, implement additional security measures to prevent XSS payloads in tickets.