PT-2022-25017 · Appsmith · Appsmith
Published
2022-09-05
·
Updated
2024-03-06
·
CVE-2022-39824
CVSS v3.1
8.9
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
Appsmith versions through 1.7.14
Description
The issue allows remote attackers to execute arbitrary JavaScript code from the server via the
currentItem property of the list widget. This can be used to perform Denial of Service (DoS) attacks or achieve an information leak.Recommendations
For Appsmith versions through 1.7.14, as a temporary workaround, consider disabling the list widget or restricting access to the
currentItem property until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Appsmith