DescriptionA cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- openSUSE-SU-2022:10230-1, published Sun Dec 4 16:43:16 2022
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Package Hub 15 SP4|| ||Patchnames: |
|openSUSE Leap 15.4|| ||Patchnames: |
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA cherrytree-0.99.49+3-1.1
SUSE Timeline for this CVECVE page created: Thu Aug 18 02:00:14 2022
CVE page last modified: Sun Dec 4 18:21:47 2022