CVE-2022-47968
Severity: MEDIUM (CVSS 5.4)
WAF coverage: High
Published: 2022-12-27
CWE-79
Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| linuxserver | heimdall_application_dashboard | up to 2.5.4 |
References
- github.com (Exploit, Issue Tracking, Third Party Advisory)
- samy.link (Third Party Advisory)