Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by cerebrate-project
CVE-2025-66385 (GCVE-0-2025-66385)
Vulnerability from cvelistv5 – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:18
VLAI?
Summary
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.
Severity ?
CWE
- CWE-472 - External Control of Assumed-Immutable Web Parameter
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cerebrate-project | Cerebrate |
Affected:
0 , < 1.30
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:18:18.228192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:18:23.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cerebrate",
"vendor": "cerebrate-project",
"versions": [
{
"lessThan": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:54:52.767Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/compare/v1.29...v1.30"
},
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/c9bfa90abc85d4a20a9cc2f282959b72bef829bb"
},
{
"url": "https://vulnerability.circl.lu/api/vulnerability/gcve-1-2025-0017"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66385",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:18:23.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41908 (GCVE-0-2023-41908)
Vulnerability from cvelistv5 – Published: 2023-09-05 00:00 – Updated: 2024-09-30 15:49
VLAI?
Summary
Cerebrate before 1.15 lacks the Secure attribute for the session cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/9be81055651649658243b5aa274b175064bfc6db"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/compare/v1.14...v1.15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:49:38.462879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:49:49.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerebrate before 1.15 lacks the Secure attribute for the session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T06:13:45.729Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/9be81055651649658243b5aa274b175064bfc6db"
},
{
"url": "https://github.com/cerebrate-project/cerebrate/compare/v1.14...v1.15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41908",
"datePublished": "2023-09-05T00:00:00.000Z",
"dateReserved": "2023-09-05T00:00:00.000Z",
"dateUpdated": "2024-09-30T15:49:49.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41363 (GCVE-0-2023-41363)
Vulnerability from cvelistv5 – Published: 2023-08-29 00:00 – Updated: 2024-10-01 20:40
VLAI?
Summary
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/8e616180ba0d6a1fcb8326dbe39307960ee1946c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T20:40:34.288512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T20:40:43.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T04:31:53.478Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/8e616180ba0d6a1fcb8326dbe39307960ee1946c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41363",
"datePublished": "2023-08-29T00:00:00.000Z",
"dateReserved": "2023-08-29T00:00:00.000Z",
"dateUpdated": "2024-10-01T20:40:43.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28883 (GCVE-0-2023-28883)
Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2025-02-19 17:07
VLAI?
Summary
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/5f1c99cd534442ec40c2129769608e3e61ff8be3"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/cerebrate-blind-sql-injection/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T17:07:06.173045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T17:07:13.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T21:18:01.636Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/5f1c99cd534442ec40c2129769608e3e61ff8be3"
},
{
"url": "https://zigrin.com/advisories/cerebrate-blind-sql-injection/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28883",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2023-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-19T17:07:13.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26468 (GCVE-0-2023-26468)
Vulnerability from cvelistv5 – Published: 2023-02-23 00:00 – Updated: 2025-03-12 14:05
VLAI?
Summary
Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/7ccf9252470a23acc38ad6ed13eecf523e368b48"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T13:58:23.186674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:05:52.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerebrate 1.12 does not properly consider organisation_id during creation of API keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/7ccf9252470a23acc38ad6ed13eecf523e368b48"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26468",
"datePublished": "2023-02-23T00:00:00.000Z",
"dateReserved": "2023-02-23T00:00:00.000Z",
"dateUpdated": "2025-03-12T14:05:52.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25318 (GCVE-0-2022-25318)
Vulnerability from cvelistv5 – Published: 2022-02-18 00:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/15190b930ebada9e8d294db57c96832799d9d93e"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/cerebrate-an-incorrect-sharing-group-acl/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T21:51:55.660Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/15190b930ebada9e8d294db57c96832799d9d93e"
},
{
"url": "https://zigrin.com/advisories/cerebrate-an-incorrect-sharing-group-acl/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25318",
"datePublished": "2022-02-18T00:00:00.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25319 (GCVE-0-2022-25319)
Vulnerability from cvelistv5 – Published: 2022-02-18 00:00 – Updated: 2024-11-19 19:32
VLAI?
Summary
An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T16:41:46.454427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:32:06.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T21:52:03.999Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61"
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/"
},
{
"url": "https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25319",
"datePublished": "2022-02-18T00:00:00.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-11-19T19:32:06.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25320 (GCVE-0-2022-25320)
Vulnerability from cvelistv5 – Published: 2022-02-18 00:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/cerebrate-username-enumeration/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cerebrate through 1.4. Username enumeration could occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T21:52:09.880Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f"
},
{
"url": "https://zigrin.com/advisories/cerebrate-username-enumeration/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25320",
"datePublished": "2022-02-18T00:00:00.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25317 (GCVE-0-2022-25317)
Vulnerability from cvelistv5 – Published: 2022-02-18 00:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T13:05:24.628Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238"
},
{
"url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25317",
"datePublished": "2022-02-18T00:00:00.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25321 (GCVE-0-2022-25321)
Vulnerability from cvelistv5 – Published: 2022-02-18 00:00 – Updated: 2024-08-03 04:36
VLAI?
Summary
An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/14ec995c2bd618b181197dc6b64e63fd966b4860"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cerebrate-project/cerebrate/commit/e13b4e7bc5f1a0ff59b52162cc99405e89c0544a"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/cerebrate-cross-site-scripting-xss-in-bookmarks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T21:52:17.857Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/14ec995c2bd618b181197dc6b64e63fd966b4860"
},
{
"url": "https://github.com/cerebrate-project/cerebrate/commit/e13b4e7bc5f1a0ff59b52162cc99405e89c0544a"
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/"
},
{
"url": "https://zigrin.com/advisories/cerebrate-cross-site-scripting-xss-in-bookmarks/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25321",
"datePublished": "2022-02-18T00:00:00.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}