PT-2022-25382 · Softr · Softr
Published: 2022-12-19 · Updated: 2023-08-08
CVE-2022-40434
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Softr version 2.0
Description
The issue is an HTML injection via the Name field of the Account page: markup entered in that field is rendered unescaped, which allows potential malicious code execution in the browser of anyone who views it.
Recommendations
For Softr version 2.0, consider restricting access to the Account page or limiting user input in the Name field to prevent HTML injection until a fix is available. As a temporary workaround, disabling the ability to inject HTML code in the Name field (for example, by rejecting or escaping markup characters in that field) can help mitigate the risk.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Softr