Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2022-2595 (GCVE-0-2022-2595)

Vulnerability from nvd – Published: 2022-08-01 14:13 – Updated: 2024-08-03 00:46

Title

Improper Authorization in kromitgmbh/titra

Summary

Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-285 - Improper Authorization

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9…	x_refsource_CONFIRM
	https://github.com/kromitgmbh/titra/commit/fe8c3c…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.79.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:46:02.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.79.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-01T14:13:06.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
        }
      ],
      "source": {
        "advisory": "1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Authorization in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2595",
          "STATE": "PUBLIC",
          "TITLE": "Improper Authorization in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.79.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285 Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
            },
            {
              "name": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
            }
          ]
        },
        "source": {
          "advisory": "1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2595",
    "datePublished": "2022-08-01T14:13:06.000Z",
    "dateReserved": "2022-08-01T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:46:02.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2098 (GCVE-0-2022-2098)

Vulnerability from nvd – Published: 2022-06-16 09:50 – Updated: 2024-08-03 00:24

Title

Weak Password Requirements in kromitgmbh/titra

Summary

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.

Severity ?

7.1 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-521 - Weak Password Requirements

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/a5d6c854-e158-49e9-bf4…	x_refsource_CONFIRM
	https://github.com/kromitgmbh/titra/commit/7f0907…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.78.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.78.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-521",
              "description": "CWE-521 Weak Password Requirements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-16T09:50:10.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
        }
      ],
      "source": {
        "advisory": "a5d6c854-e158-49e9-bf40-bddc93dda7e6",
        "discovery": "EXTERNAL"
      },
      "title": "Weak Password Requirements in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2098",
          "STATE": "PUBLIC",
          "TITLE": "Weak Password Requirements in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.78.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-521 Weak Password Requirements"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
            },
            {
              "name": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
            }
          ]
        },
        "source": {
          "advisory": "a5d6c854-e158-49e9-bf40-bddc93dda7e6",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2098",
    "datePublished": "2022-06-16T09:50:10.000Z",
    "dateReserved": "2022-06-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2029 (GCVE-0-2022-2029)

Vulnerability from nvd – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24

Title

Cross-site Scripting (XSS) - DOM in kromitgmbh/titra

Summary

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.

Severity ?

8.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/9052a874-634c-473e-a2b…	x_refsource_CONFIRM
	https://github.com/kromitgmbh/titra/commit/e606b6…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.77.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:43.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.77.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T08:35:13.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
        }
      ],
      "source": {
        "advisory": "9052a874-634c-473e-a2b3-65112181543f",
        "discovery": "EXTERNAL"
      },
      "title": "Cross-site Scripting (XSS) - DOM in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2029",
          "STATE": "PUBLIC",
          "TITLE": "Cross-site Scripting (XSS) - DOM in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
            },
            {
              "name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
            }
          ]
        },
        "source": {
          "advisory": "9052a874-634c-473e-a2b3-65112181543f",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2029",
    "datePublished": "2022-06-08T08:35:13.000Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:43.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2028 (GCVE-0-2022-2028)

Vulnerability from nvd – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24

Title

Cross-site Scripting (XSS) - Generic in kromitgmbh/titra

Summary

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.

Severity ?

8.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

@huntrdev

References

URL

Tags

	https://github.com/kromitgmbh/titra/commit/e606b6…	x_refsource_MISC
	https://huntr.dev/bounties/588fb241-bc8f-40fc-82a…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.77.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.77.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T08:35:18.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
        }
      ],
      "source": {
        "advisory": "588fb241-bc8f-40fc-82a4-df249956d69f",
        "discovery": "EXTERNAL"
      },
      "title": "Cross-site Scripting (XSS) - Generic in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2028",
          "STATE": "PUBLIC",
          "TITLE": "Cross-site Scripting (XSS) - Generic in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
            },
            {
              "name": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
            }
          ]
        },
        "source": {
          "advisory": "588fb241-bc8f-40fc-82a4-df249956d69f",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2028",
    "datePublished": "2022-06-08T08:35:18.000Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2027 (GCVE-0-2022-2027)

Vulnerability from nvd – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24

Title

Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra

Summary

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.

Severity ?

8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

Assigner

@huntrdev

References

URL

Tags

	https://github.com/kromitgmbh/titra/commit/e606b6…	x_refsource_MISC
	https://huntr.dev/bounties/fb99c27c-7eaa-48db-be3…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.77.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.77.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T08:35:23.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
        }
      ],
      "source": {
        "advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2027",
          "STATE": "PUBLIC",
          "TITLE": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
            },
            {
              "name": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
            }
          ]
        },
        "source": {
          "advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2027",
    "datePublished": "2022-06-08T08:35:23.000Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2026 (GCVE-0-2022-2026)

Vulnerability from nvd – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24

Title

Cross-site Scripting (XSS) - Stored in kromitgmbh/titra

Summary

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.

Severity ?

8.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

@huntrdev

References

URL

Tags

	https://github.com/kromitgmbh/titra/commit/e606b6…	x_refsource_MISC
	https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.77.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.77.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T08:35:28.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
        }
      ],
      "source": {
        "advisory": "dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
        "discovery": "EXTERNAL"
      },
      "title": "Cross-site Scripting (XSS) - Stored in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2026",
          "STATE": "PUBLIC",
          "TITLE": "Cross-site Scripting (XSS) - Stored in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
            },
            {
              "name": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
            }
          ]
        },
        "source": {
          "advisory": "dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2026",
    "datePublished": "2022-06-08T08:35:28.000Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2595 (GCVE-0-2022-2595)

Vulnerability from cvelistv5 – Published: 2022-08-01 14:13 – Updated: 2024-08-03 00:46

Title

Improper Authorization in kromitgmbh/titra

Summary

Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-285 - Improper Authorization

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9…	x_refsource_CONFIRM
	https://github.com/kromitgmbh/titra/commit/fe8c3c…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.79.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:46:02.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.79.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-01T14:13:06.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
        }
      ],
      "source": {
        "advisory": "1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Authorization in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2595",
          "STATE": "PUBLIC",
          "TITLE": "Improper Authorization in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.79.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285 Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/1c6afb84-2025-46d8-9e9f-cbfc20e5d04d"
            },
            {
              "name": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/fe8c3cdeb70e53b9f38f1022186ab16324d332c5"
            }
          ]
        },
        "source": {
          "advisory": "1c6afb84-2025-46d8-9e9f-cbfc20e5d04d",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2595",
    "datePublished": "2022-08-01T14:13:06.000Z",
    "dateReserved": "2022-08-01T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:46:02.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2098 (GCVE-0-2022-2098)

Vulnerability from cvelistv5 – Published: 2022-06-16 09:50 – Updated: 2024-08-03 00:24

Title

Weak Password Requirements in kromitgmbh/titra

Summary

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.

Severity ?

7.1 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-521 - Weak Password Requirements

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/a5d6c854-e158-49e9-bf4…	x_refsource_CONFIRM
	https://github.com/kromitgmbh/titra/commit/7f0907…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.78.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.78.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-521",
              "description": "CWE-521 Weak Password Requirements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-16T09:50:10.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
        }
      ],
      "source": {
        "advisory": "a5d6c854-e158-49e9-bf40-bddc93dda7e6",
        "discovery": "EXTERNAL"
      },
      "title": "Weak Password Requirements in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2098",
          "STATE": "PUBLIC",
          "TITLE": "Weak Password Requirements in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.78.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-521 Weak Password Requirements"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/a5d6c854-e158-49e9-bf40-bddc93dda7e6"
            },
            {
              "name": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/7f09078a2ab88c35f2375c5f67bd0336c0e6c7a1"
            }
          ]
        },
        "source": {
          "advisory": "a5d6c854-e158-49e9-bf40-bddc93dda7e6",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2098",
    "datePublished": "2022-06-16T09:50:10.000Z",
    "dateReserved": "2022-06-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2026 (GCVE-0-2022-2026)

Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24

Title

Cross-site Scripting (XSS) - Stored in kromitgmbh/titra

Summary

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.

Severity ?

8.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

@huntrdev

References

URL

Tags

	https://github.com/kromitgmbh/titra/commit/e606b6…	x_refsource_MISC
	https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.77.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.77.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T08:35:28.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
        }
      ],
      "source": {
        "advisory": "dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
        "discovery": "EXTERNAL"
      },
      "title": "Cross-site Scripting (XSS) - Stored in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2026",
          "STATE": "PUBLIC",
          "TITLE": "Cross-site Scripting (XSS) - Stored in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
            },
            {
              "name": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/dcfa6790-c609-4ed5-ba5e-8f31f98e5e11"
            }
          ]
        },
        "source": {
          "advisory": "dcfa6790-c609-4ed5-ba5e-8f31f98e5e11",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2026",
    "datePublished": "2022-06-08T08:35:28.000Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2027 (GCVE-0-2022-2027)

Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24

Title

Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra

Summary

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.

Severity ?

8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

Assigner

@huntrdev

References

URL

Tags

	https://github.com/kromitgmbh/titra/commit/e606b6…	x_refsource_MISC
	https://huntr.dev/bounties/fb99c27c-7eaa-48db-be3…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.77.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.77.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1236",
              "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T08:35:23.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
        }
      ],
      "source": {
        "advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2027",
          "STATE": "PUBLIC",
          "TITLE": "Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
            },
            {
              "name": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/fb99c27c-7eaa-48db-be39-b804cb83871d"
            }
          ]
        },
        "source": {
          "advisory": "fb99c27c-7eaa-48db-be39-b804cb83871d",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2027",
    "datePublished": "2022-06-08T08:35:23.000Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2028 (GCVE-0-2022-2028)

Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24

Title

Cross-site Scripting (XSS) - Generic in kromitgmbh/titra

Summary

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.

Severity ?

8.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

@huntrdev

References

URL

Tags

	https://github.com/kromitgmbh/titra/commit/e606b6…	x_refsource_MISC
	https://huntr.dev/bounties/588fb241-bc8f-40fc-82a…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.77.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.77.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T08:35:18.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
        }
      ],
      "source": {
        "advisory": "588fb241-bc8f-40fc-82a4-df249956d69f",
        "discovery": "EXTERNAL"
      },
      "title": "Cross-site Scripting (XSS) - Generic in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2028",
          "STATE": "PUBLIC",
          "TITLE": "Cross-site Scripting (XSS) - Generic in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
            },
            {
              "name": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/588fb241-bc8f-40fc-82a4-df249956d69f"
            }
          ]
        },
        "source": {
          "advisory": "588fb241-bc8f-40fc-82a4-df249956d69f",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2028",
    "datePublished": "2022-06-08T08:35:18.000Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2029 (GCVE-0-2022-2029)

Vulnerability from cvelistv5 – Published: 2022-06-08 08:35 – Updated: 2024-08-03 00:24

Title

Cross-site Scripting (XSS) - DOM in kromitgmbh/titra

Summary

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.

Severity ?

8.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/9052a874-634c-473e-a2b…	x_refsource_CONFIRM
	https://github.com/kromitgmbh/titra/commit/e606b6…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	kromitgmbh	kromitgmbh/titra	Affected: unspecified , < 0.77.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:43.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kromitgmbh/titra",
          "vendor": "kromitgmbh",
          "versions": [
            {
              "lessThan": "0.77.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T08:35:13.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
        }
      ],
      "source": {
        "advisory": "9052a874-634c-473e-a2b3-65112181543f",
        "discovery": "EXTERNAL"
      },
      "title": "Cross-site Scripting (XSS) - DOM in kromitgmbh/titra",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2029",
          "STATE": "PUBLIC",
          "TITLE": "Cross-site Scripting (XSS) - DOM in kromitgmbh/titra"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kromitgmbh/titra",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kromitgmbh"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/9052a874-634c-473e-a2b3-65112181543f"
            },
            {
              "name": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694",
              "refsource": "MISC",
              "url": "https://github.com/kromitgmbh/titra/commit/e606b674a2b7564407d89e38a341d72e22b14694"
            }
          ]
        },
        "source": {
          "advisory": "9052a874-634c-473e-a2b3-65112181543f",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2029",
    "datePublished": "2022-06-08T08:35:13.000Z",
    "dateReserved": "2022-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:43.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

12 vulnerabilities found for kromitgmbh/titra by kromitgmbh

CVE-2022-2595 (GCVE-0-2022-2595)

CVE-2022-2098 (GCVE-0-2022-2098)

CVE-2022-2029 (GCVE-0-2022-2029)

CVE-2022-2028 (GCVE-0-2022-2028)

CVE-2022-2027 (GCVE-0-2022-2027)

CVE-2022-2026 (GCVE-0-2022-2026)

CVE-2022-2595 (GCVE-0-2022-2595)

CVE-2022-2098 (GCVE-0-2022-2098)

CVE-2022-2026 (GCVE-0-2022-2026)

CVE-2022-2027 (GCVE-0-2022-2027)

CVE-2022-2028 (GCVE-0-2022-2028)

CVE-2022-2029 (GCVE-0-2022-2029)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.