Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-1231HistoryApr 15, 2022 - 3:15 p.m.
CVE-2022-1231
2022-04-1515:15:00
Alpine Linux Development Team
security.alpinelinux.org
20
cve-2022-1231
svg diagram format
stored xss
github
web based applications
clickable links
confluence plugin
plantuml/plantuml.
EPSS
0.002
Percentile
51.8%
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | plantuml | = 1.2022.3-r0 | UNKNOWN |
Related
prion
prion
Format string
2022-04-15 15:15:00
huntr
huntr
XSS via Embedded SVG in SVG Diagram Format
2022-04-03 14:34:37
openvas
openvas
Fedora: Security Advisory for plantuml (FEDORA-2022-e8b1324ec8)
2022-04-27 00:00:00
Fedora: Security Advisory for plantuml (FEDORA-2022-930b54aa84)
2022-05-08 00:00:00
nvd
nvd
CVE-2022-1231
2022-04-15 15:15:12
ubuntucve
ubuntucve
CVE-2022-1231
2022-04-15 00:00:00
cvelist
cvelist
veracode
veracode
Cross-site Scripting (XSS)
2022-04-19 11:13:20
cve
cve
CVE-2022-1231
2022-04-15 15:15:12
osv
osv
CVE-2022-1231
2022-04-15 15:15:12
fedora
fedora
[SECURITY] Fedora 36 Update: plantuml-1.2022.4-1.fc36
2022-05-07 05:04:34
[SECURITY] Fedora 35 Update: plantuml-1.2022.2-1.fc35
2022-04-26 07:32:28
debiancve
debiancve
CVE-2022-1231
2022-04-15 15:15:12