CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence: High
EPSS Percentile: 21.1%
github.com/zitadel/zitadel is vulnerable to Cross-Site Scripting. The vulnerability exists due to a missing security header in asset.go, allowing an attacker to inject and execute malicious JavaScript in the victim’s browser via a crafted SVG image.
github.com/zitadel/zitadel/commit/56897926a11c62bf2f104976692a456b3e06fc4f
github.com/zitadel/zitadel/commit/78aa000d13ea2670cff16c01c23574f656f9a8f7
github.com/zitadel/zitadel/releases/tag/v2.38.2
github.com/zitadel/zitadel/releases/tag/v2.39.2
github.com/zitadel/zitadel/security/advisories/GHSA-954h-jrpm-72pm