Lucene search
GitHub_PCVELIST:CVE-2022-23733HistoryAug 02, 2022 - 4:05 p.m.
CVE-2022-23733 Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes
2022-08-0216:05:14
CWE-79
GitHub_P
www.cve.org
7
github
xss
vulnerability
injection
content security policy
bug bounty
EPSS
0.001
Percentile
29.8%
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Githubβs Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
CNA Affected
[
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.11",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site scripting
2022-08-02 16:15:00
cve
cve
CVE-2022-23733
2022-08-02 16:15:10
nvd
nvd
CVE-2022-23733
2022-08-02 16:15:10