Vulnerability CVE-2022-32172


Published: 2022-10-06

Description:
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user??s credentials.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://www.mend.io/vulnerability-database/CVE-2022-32172
https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d

Copyright 2026, cxsecurity.com

 

Back to Top