Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-41431
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-17 Oct, 2022 | 21:15
Updated At-14 May, 2025 | 21:15

xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CPE Matches
mindskip
mindskip
>>xzs>>3.8.0
cpe:2.3:a:mindskip:xzs:3.8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE-79Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/mindskip/xzscve@mitre.org
Third Party Advisory
https://github.com/mindskip/xzs.aacve@mitre.org
Broken Link
https://sudsy-fish-73d.notion.site/XSS-about-xzs-system-31f689f2f3014ba99f12423fae521e49cve@mitre.org
Exploit
Third Party Advisory
https://www.mindskip.net/xzs.html%3Bcve@mitre.org
N/A
https://github.com/mindskip/xzsaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/mindskip/xzs.aaaf854a3a-2127-422b-91ae-364da2661108
Broken Link
https://sudsy-fish-73d.notion.site/XSS-about-xzs-system-31f689f2f3014ba99f12423fae521e49af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.mindskip.net/xzs.html%3Baf854a3a-2127-422b-91ae-364da2661108
N/A
Change History
0Changes found
Details not found